NEWSPAPER 


THE  VOICE  OF  IT  MANAGEMENT  ■  WWW.COMPUTERWORLD.COM 


JANUARY  8,  2007  ■  VOL.  41  ■  NO.  2  ■  S5/C0PY 


DOT  Pushes 
To  Broaden 
Data  Sharing 

Agency  will  use  central  database 
to  make  crime  info  widely  available 


BY  TODD  R.  WEISS 

The  U.S.  Department  of  Jus¬ 
tice  is  pushing  the  FBI  and  its 
other  operating  units  to  speed 
up  and  expand  their  efforts  to 
share  a  wide  array  of  crime 
information  with 
outside  law  enforce¬ 
ment  agencies  via  a 
centralized  database 
called  OneDOJ. 

In  a  Dec.  21  memo, 

Deputy  Attorney 
General  Paul  J.  Mc¬ 
Nulty  also  directed 
CIO  Vance  Hitch  to 
work  with  all  of  the 
DOJ’s  component 
agencies  to  develop 
“an  aggressive  but 
practical  plan”  for 
increasing  their  information¬ 
sharing  capabilities.  The  plans, 
which  must  be  submitted  to 
McNulty’s  office  by  Feb.  9,  will 
include  steps  that  can  be  taken 
within  the  next  180  days  to 
enable  the  units  to  participate 
more  fully  in  seven  ongoing 
data-sharing  initiatives. 


In  addition,  McNulty 
assigned  Hitch  to  a  new  com¬ 
mittee  that  will  coordinate 
the  DOJ’s  information-sharing 
program.  And  he  said  in  the 
memo  that  the  coordinat¬ 
ing  committee  and 
his  staff  will  work 
with  Hitch’s  office 
to  develop  plans  for 
implementing  the 
Unix-based  OneDOJ 
technology  internally 
in  15  high-priority 
metropolitan  areas 
and  other  regions. 

The  plan  to  expand 
the  use  of  OneDOJ 
by  other  law  enforce¬ 
ment  authorities  at 
the  federal,  state  and 
local  levels  has  raised  the  hack¬ 
les  of  some  privacy  and  civil 
rights  advocates,  who  said  last 
week  that  the  DOJ  will  need  to 
work  hard  to  ensure  that  the 
increased  information  sharing 
doesn’t  infringe  on  the  rights  of 
law-abiding  Americans. 

Data  Sharing,  page  35 


The  Census 
Bureau  says  it  will 
roll  out  the  first  of 
500,000  handhelds 
in  May.  PAGE  7 

DARPA  is  fund¬ 
ing  aS650  million 
effort  to  develop 
faster  but  easier- 
to-use  supercom¬ 
puters.  PAGE  35 
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During  an  avian  flu  pandemic,  you'd  need  to  keep  critical  systems 
running  -  but  without  25%  to  40%  of  your  staff.  Are  you  ready? 
Probably  not,  Robert  L.  Mitchell  reports. 


Hospitals  Seek  IRS  Ruling 
On  E-health  Software  Sales 

Nonprofits  fear  exemption  from  fraud 
statutes  won’t  protect  their  tax  status 


BY  HEATHER  HAVENSTEIN 

Five  months  after  the  federal 
government  altered  antikick¬ 
back  laws  to  speed  the  adop¬ 
tion  of  electronic  medical 
records,  many  hospitals  still 
fear  that  providing  EMR  tech¬ 


nology  to  physicians  at  cut- 
rate  prices  could  lead  to  tax 
problems. 

The  U.S.  Department  of 
Health  and  Human  Services 
in  August  granted  hospitals 
partial  exemptions  from 


federal  fraud  laws  that  had 
prohibited  them  from  pro¬ 
viding  discounted  EMR  or 
prescription-writing  software 
to  individual  doctors  or  small 
groups  of  physicians.  The  laws 
are  meant  to  prevent  hospitals 
from  influencing  physicians’ 
decisions  about  where  to  hos¬ 
pitalize  patients. 

The  exemption  allows  hos¬ 
pitals  to  sell  EMR  and  elec¬ 
tronic  prescription  software  u: 
physicians  for  15%  of  the  cost 
E-health ,  page  12 


LONDON  STOCK  EXCHANGE  CHOOSES 
WINDOWS  OVER  LINUX  FOR  RELIABILITY 
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Reliability  Is  Key  in  the 
World’s  Capital  Market 

By  MICHAEL  BETTENDORF 


LONDON,  Oct.  2006 — When  an  IT  system 
must  process  15  million  real-time  messages  per  day, 
with  peaks  at  2,000  messages  per  second,  even  one 
second  of  downtime  counts.  That’s  the  pressure  the 
London  Stock  Exchange  faced  when  building 
Infolect,  the  Exchange’s  real-time  stock-ticker 
information  delivery  system. 

The  solution  had  to  have  rock-solid  reliability, 
nothing  less.  “Reliability  is  one  of  the  key  attributes 
of  the  Exchange  in  its  technology  systems.  These 
systems  have  to  work  every  day,  24/7,  to  make  sure 
the  markets  are  there,”  said  CIO  David  Lester,  who 
evaluated  both  Linux  and  Microsoft®  Windows 
Server®  2003  for  the  Exchange’s  core  technology 
systems.  “We  looked  at  a  number  of  different  plat¬ 
forms  for  our  Technology  Roadmap,  and  we  lined 
up  our  business  requirements  with  the  capabilities 
of  those  platforms,  and  Windows  Server  was  the 
clear  choice.” 

In  Lester’s  view,  long-term  reliability  is  a  func¬ 
tion  of  a  solid  relationship:  “We  wanted  a  deep  part¬ 
nership  with  an  organization  that  could  deliver  the 
kind  of  mission-critical  technology  that  we  need¬ 
ed,  and  we  felt  Microsoft  delivered  just  that.” 

For  the  full  London  Stock  Exchange  case  study, 
plus  other  case  studies  and  independent  research 
findings  on  the  reliability  of  Windows  Server  versus 
Linux,  visit  microsoft.com/getthefacts 
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BREAKING  NEWS:  London  Stock 
Exchange  Achieves  Record  Reliability 

London  Stock  Exchange  CIO  David  Lester 
(above)  cites  Windows  Server  as  key  to  main¬ 
taining  system  reliability  and  performance. 


LESTER  SPEAKS  OUT: 

“We  looked  at  a  number  of  different  platforms 
for  our  Technology  Roadmap,  and  we  lined  up 
our  business  requirements  with  the  capabilities  of 
those  platforms,  and  Windows  Server  was  the 
clear  choice.” 

-David  Lester,  CIO,  London  Stock  Exchange 

JOURNALISM  BEAT:  Continued  growth 
for  reliability-focused  newspapers  A  world¬ 
wide  survey  tracking  trends  in  newspaper  use 


Some  companies  don’t  just  me 
They  create  it. 


ary  lorn.  Technology,  innovation,  change.  No  mattei 
&  Johnson’s  growth  On  the  next  episode  of  Change  A 
io  Council  discuss  the  power  of  change  at  Johnson  &  Jof 
oh  the  show,  submit  a  question  and  explore.  The  episode 
r  available  on  demand  any  time,  hp.com/qo/chanqoa 
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Adapt  or  Die 

In  the  Technology  section:  As  security  threats  evolve,  systems  will 
have  to  become  adaptive  and  resilient.  Our  Future  Watch  finds 
that  researchers  are  working  on  adapative  security  measures 
such  as  “anomaly  detectors”  and  “virtual  controlled  burns,” 
which  are  deliberate  releases  of  nonvirulent  worms.  Page  24 
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Sabre’s  Web  Services  Journey 

In  the  Management  section:  Web  services  have 
helped  Sabre  Holdings  break  free  of  mainframe 
constraints  and  deliver  enhanced  services  to  spur 
growth  and  revenue  for  travel  industry  customers 
like  Abacus  International’s  Lim  Lai  Hock.  Page  27 
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6  Data  center  managers  say  the  re¬ 
cent  storm-related  power  out¬ 
ages  in  several  cities  highlight  the 
need  for  companies  to  be  able  to 
run  their  IT  facilities  on  backup 
power  for  lengthy  periods. 

7 Adobe  Systems  is  urging  users 
to  upgrade  to  the  most  recent 
versions  of  its  Reader  and  Acrobat 
software  amid  concerns  that  a 
newly  disclosed  vulnerability  in 
the  products  could  expose  a  large 
number  of  systems  to  attacks. 


7  The  Census  Bureau  says  that  a 
planned  $600  million  rollout  of 
handheld  computers  is  on  track 
and  that  the  first  1,400  devices 
will  be  given  to  users  in  May. 

8  A  losing  congressional  candi¬ 
date  in  Florida  appeals  a  state 
judge’s  ruling  that  prohibits  ac¬ 
cess  to  the  source  code  of  touch¬ 
screen  voting  machines  used  in 
the  disupted  fall  election. 


8SpectraLink  announces  its  first 
voice-over-wireless  phones  in 
more  than  three  years,  saying  that 
the  new  models  support  all  three 
Wi-Fi  standards  and  have  an  eight- 
hour  battery  life. 


9  Global  Dispatches:  After  a  four- 
year  bidding  process,  the  Ger¬ 
man  military  awards  IBM  and 
Siemens  a  multimillion-euro  con¬ 
tract  to  update  and  then  manage 
its  IT  operations. 


9  The  H-1B  visas  available  for  the 
government’s  next  fiscal  year 
are  expected  to  be  snapped  up, 
making  it  likely  that  proposals  to 
raise  the  annual  cap  will  again  be 
introduced  in  Congress. 


A  C  Heads  in  the  Sand.  During  an 
I U  avian  flu  pandemic,  IT  depart¬ 
ments  would  need  to  keep  critical 
systems  running  despite  staff  ab¬ 
senteeism  rates  that  could  reach 
40%  as  the  pandemic  runs  its  six-to- 
eight-week  course.  But  many  orga¬ 
nizations  haven’t  started  planning. 
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MWhy  New  IT 
Managers 
Fail.  Most  new 
IT  managers 
see  themselves 
as  leaders,  use 
the  rhetoric  of 
leadership  and 
feel  its  burdens, 
but  they  just  don’t  get  it  —  and  it 
shows.  Harvard  Business  School’s 
Linda  A.  Hill  explains  what’s 
wrong  and  what  managers  can  do 
about  it. 


Career  Watch.  Veteran  IT 
recruiter  Paul  Taylor  talks 
about  what  IT 
employers  are 
looking  for.  Also, 
the  developer 
population  boom 
in  Asia,  and  six 
myths  your  HR 
department  prob¬ 
ably  believes. 


On  the  Mark:  Mark  Hall  writes 
that  the  market  for  authoring 
tools  is  getting  more  bare-knuckle, 
as  upstarts  such  as  MadCap  Soft¬ 
ware  target  Adobe  FrameMaker 
with  native  XML  products. 

Don  Tennant 

believes 

Time  magazine’s 
selection  of  “You” 
as  its  Person  of 
the  Year  under¬ 
mines  the  legiti¬ 
macy  of  citizen 
journalism. 

Michael  Gartenberg,  a  corpo¬ 
rate  blogger  for  the  past  five 
years,  offers  six  tips. 

Ben  Rothke  says  e-voting 
vendors  are  on  the  wrong 
track,  but  trustworthy  systems 
are  possible. 

Mike  Elgan  says  “faith-based” 
backup  plans  can  lead  to  di¬ 
saster  for  road  warriors.  The  solu¬ 
tion?  A  USB  drive  in  your  pocket. 

Paul  Glen  thinks  that  becoming 
a  good  manager  takes  more 
than  either  training  or  experience. 
It  requires  a  combination  of  both. 

Frankly  Speaking:  Frank  Hayes 

cautions  that  IT’s  favorite 


word  —  no  —  can  lead  to  grief 
when  users  are  on  a  mission. 
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Desktop  CPU  Road  Map 

HARDWARE:  Based  on  the  confidential  road 
maps  of  both  Intel  and  AMD,  it’s  clear  that 
dual-core  CPUs  are  only  the  launching  point 
for  the  future  of  the  microprocessor.  What 
advances  will  the  new  year  bring  to  desktop 
CPUs?  O  www.computerworld.com/hardware 

100  Gigabit  Ethernet 
For  the  Masses 

NETWORKING:  The  need  for  bigger  pipes  for 
operations  like  YouTube  —  which  is  experi¬ 
encing  site  traffic  growth  of  20%  per  month 
—  is  driving  the  move  toward  100G  Ethernet. 

©  www.computerworld.com/networking 

If  2006  Was  ‘Momentous’ 

For  Apple,  What’s  Next? 

MACINTOSH:  As  exciting  as  2006  was  for 
Apple  fans,  who  got  everything  from  Intel- 
based  Macs  to  updated  iPods,  2007  promises 
to  be  even  bigger. 

©  www.computerworld.com/mac 

CES,  Macworld  Coverage 

NEWS:  For  the  latest  on  this  week’s  big 
tech  conventions,  including  Macworld 
in  San  Francisco  and  the  Consumer 
Electronics  Show  in  Las  Vegas,  visit  our 
Web  site.  ©  www.computerworld.com 

Computerworld  Podcasts 

Our  lineup  of  free  audio  programs  includes 
the  Weekly  Input/Output  (a  discussion  of 
top  IT  news  stories),  Storage  This  Week  (a 
look  at  personal  and  enterprise  storage)  and 
The  Computerworld  TechCast  (explanations 
of  key  enterprise  technologies  and  manage¬ 
ment  processes). 

©  www.computeiworld.com/podcasts 

ONLINE  DEPARTMENTS 

Breaking  News  computerworld.com/oew: 

Newsletter  Subscriptions  computerworld.com/ne.wsi?! 
Knowledge  Centers  computerworkf.con  .■■■ 
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Computer  Theft 
Exposes  Patient  Data 

The  theft  of  a  computer  from  the 
office  of  health  care  contractor 
Electronic  Registry  Systems  Inc. 
late  last  year  exposed  sensitive 
data  from  about  25,000  patients 
in  five  states.  The  compromised 
data  includes  the  names,  ad¬ 
dresses,  diagnoses,  treatment 
information  and  Social  Security 
numbers  of  patients  of  five  re¬ 
gional  health  care  providers. 


Cisco  Warns  About 
Software  Flaws 

Cisco  Systems  Inc.  has  issued  an 
advisory  about  two  vulnerabili¬ 
ties  in  the  Cisco  Clean  Access 
network  access  control  software. 
The  flaws  could  allow  remote 
attackers  to  gain  control  of  the 
devices  or  glean  sensitive  data 
from  customers.  Cisco  Clean  Ac¬ 
cess  allows  companies  to  screen 
the  machines  of  users  attempt¬ 
ing  to  connect  to  a  network  over 
wired,  wireless  or  virtual  private 
network  connections. 


Patch  Issued  for 
OpenOfhce.org  App 

The  OpenOffice.org  community 
has  released  a  patch  to  fix  a  vul¬ 
nerability  in  its  open-source  pro¬ 
ductivity  suite.  The  flaw  can  be 
exploited  by  creating  a  malicious 
file  in  the  Windows  Metafile  or 
Enhanced  Metafile  formats.  The 
flaw,  rated  “highly  critical”  by 
security  vendor  Secunia  ApS, 
was  first  reported  in  October. 
The  vendors  that  distribute 
OpenOffice  opted  not  to  issue 
the  patch  until  OpenOffice.org 
acknowledged  the  flaw. 


Seagate  Unveils 
First  1TB  Disk  Drive 

Seagate  Technology  LLC  has  dis¬ 
closed  that  it  plans  to  start  ship¬ 
ping  a  hard-disk  drive  with  1TB 
of  storage  capacity  during  the 
first  half  of  the  year.  The  capac¬ 
ity  of  the  new  drive  is  one-third 
greater  than  that  of  Seagate’s 
current  high-end  drive.  The  new 
drive  will  be  the  company’s  first 
to  use  emerging  perpendicular 
recording  technology.  Seagate 
did  not  disclose  pricing. 


Storms  Pose  Power  Tests 
For  Data  Center  Execs 


Lengthy  outages 
point  to  need  for 
backup  plans 

BY  ERIC  LAI 

S  VICE  president 
of  operations  and 
engineering  at  data 
center  operator 
Peak  10  Inc.,  Jeff  Biggs  is  well 
versed  in  protecting  IT  fa¬ 
cilities  against  power  outages 
caused  by  extreme  weather. 

For  example,  Biggs  has  tak¬ 
en  numerous  steps  to  harden 
Charlotte,  N.C.-based  Peak  10’s 
operations  in  Florida  against 
the  annual  threat  of  hurricanes 
—  like  making  sure  its  Jackson¬ 
ville  collocation  facility  taps 
into  the  city’s  underground 
power  lines  in  two  places,  in 
case  one  substation  or  line 
goes  down.  He  also  bought  a 
massive  1,500-kilowatt  diesel 
generator  for  Peak  10’s  Tampa 
data  center  and  signed  emer¬ 
gency  refueling  contracts  with 
two  separate  suppliers  in  case 
of  an  extended  outage. 

But  Biggs  acknowledged  that 
recent  storm-related  power 
outages  in  Denver,  Seattle  and 
St.  Louis,  all  of  which  left  parts 
of  those  cities  dark  for  a  week 
or  longer,  would  have  tested 
and  perhaps  overwhelmed 
Peak  10’s  precautions.  “An  out¬ 


age  that  long  —  oh  my  God,  it 
would  catch  even  my  fuel  sup¬ 
pliers  off  guard,”  he  said. 

IT  managers  have  focused 
much  attention  on  efforts 
to  cut  the  spiraling  costs  of 
powering  and  cooling  all  the 
servers  in  their  data  centers. 
But  in  many  cases,  they  have 
devoted  less  thought  to  better 
protecting  the  facilities  from 
power  outages,  according  to 
some  data  center  managers 
and  services  firms. 

In  a  recent  example,  a  Se¬ 
attle  data  center  that  supports 
the  reservations  systems  of 
a  major  airline  went  dark  for 
four  hours  on  Dec.  15  when 
its  backup  generator  failed 
to  turn  on  after  windstorm- 
induced  blackouts,  according 
to  Mark  Svenkeson,  president 
of  Hypertect  Inc.,  a  Roseville, 
Minn.-based  company  that 
builds  data  centers. 

“They  had  all  of  the  right 
pieces  in  place,”  he  said.  “It 
just  wasn’t  well  implemented, 
so  it  shut  the  business  down.” 

Weighing  the  Costs 

Although  universal  power  sup¬ 
plies  are  pretty  much  a  neces¬ 
sity  for  any  data  center,  not  ev¬ 
ery  company  has  a  backup  gas 
or  diesel  generator,  which  can 
easily  run  into  six  figures. 

The  Michigan  Schools  and 
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Storms  like  the  two  blizzards  that 
paralyzed  Denver  may  overwhelm 
data  center  power-outage  plans. 


Government  Credit  Union 
in  Clinton  Township  has  an 
uninterruptible  power  supply 
that  can  provide  up  to  three 
hours  of  backup  power.  But  for 
now,  it  lacks  a  generator,  said 
CIO  Scott  Townsend. 

“We  have  enough  to  ride 
out  short-term  outages,  which 
is  what  we  mostly  have,” 
Townsend  said.  He  added, 
though,  that  the  credit  union 
lost  power  for  a  day  and  a  half 
in  August  2003,  when  a  mas¬ 
sive  outage  in  the  Northeast 
and  Midwest  left  50  million 
people  without  electricity. 

The  credit  union  relies  on  a 
disaster  recovery  vendor  for 
data  backups  and  the  ability  to 


quickly  migrate  its  core  bank¬ 
ing  system  to  a  data  center  in  a 
different  state.  But  it  is  scout¬ 
ing  out  locations  for  a  new  data 
center,  for  which  Townsend 
plans  to  buy  a  generator. 

Svenkeson  recommended 
that  data  centers  have  two 
generators  so  they  have  “a 
backup  for  their  backup.”  But 
he  said  that  because  of  new 
U.S.  Environmental  Protection 
Agency  emission  requirements 
that  went  into  effect  at  the 
start  of  this  year,  enterprise- 
class  generators  have  become 
pricier  and  harder  to  find. 

The  number  of  back  orders 
at  many  generator  manufac¬ 
turers  is  so  large  that  it  could 
take  a  year  to  get  a  device  de¬ 
livered  if  a  company  places  an 
order  now,  Biggs  said. 

Gary  McAuliffe,  a  vice  pres¬ 
ident  at  Hosted  Solutions  LLC 
in  Raleigh,  N.C.,  said  the  op¬ 
erator  of  collocation  facilities 
bought  a  data  center  at  the  in¬ 
tersection  of  two  power  grids 
in  Boston.  Having  dual  power 
inlets  is  “a  huge  advantage,” 
said  McAuliffe,  who  manages 
the  Boston  facility.  “It’s  a  best 
practice,  clearly.” 

But  having  faced  ice  storms 
in  North  Carolina  that  caused 
two-day  power  outages  there, 
McAuliffe  maintains  4,000 
gallons  of  diesel  fuel  for  the 
generator  at  his  data  center. 

He  also  has  contracts  with 
multiple  fuel  suppliers.  In 
preparing  for  outages,  he  said, 
“you  have  to  plan  for  being  able 
to  provide  continuous  power 
for  more  than  a  week.”  * 


Buried  Power  Lines  Not  Favored  Beyond  City  Limits 


WHAT  MAY  BE  the  most  obvious 
power  infrastructure  upgrade  -  bury¬ 
ing  electrical  lines,  especially  in  areas 
where  wind,  hail,  heavy  snow  or 
falling  trees  are  threats  to  poles  and 
towers  -  still  isn't  considered  to  be  vi¬ 
able  or  even  desirable  in  most  cases. 

“In  terms  of  safety,  reliability  and 
especially  cost,  underground  lines 
are  the  least  preferred  choice  of  en¬ 
gineers,”  said  Rick  Pieper,  a  techni¬ 
cal  director  at  Henkels  &  McCoy  Inc., 
a  Blue  Bell,  Pa.-based  engineering 
and  construction  firm. 

In  the  U.S.,  high-voltage  power 
lines  are  typically  found  underground 


only  in  dense  commercial  areas,  such 
as  the  downtowns  of  major  cities. 
Although  underground  wires  may  ap¬ 
pear  to  be  less  vulnerable  than  ones 
aboveground,  Pieper  and  others  said 
they  are  much  more  expensive  to  in¬ 
stall  and  have  several  disadvantages. 

For  example,  aboveground  lines 
typically  are  uninsulated  and  cooled 
by  air.  In  contrast,  underground  lines 
quickly  build  up  heat  and  have  to  be 
cooled  by  methods  such  as  bathing 
them  in  oil  inside  their  steel  piping. 

Repairing  underground  wires  typi¬ 
cally  takes  longer  than  fixing  over¬ 
head  ones.  And  they  aren’t  necessar¬ 


ily  less  prone  to  storm  damage,  said 
Stan  Johnson,  a  manager  at  North 
American  Electric  Reliability  Corp.,  a 
nonprofit  self-regulatory  organization 
in  Princeton,  N.J.,  that  goes  by  the 
acronym  NERC.  Johnson  pointed 
out  that  salt  water  brought  ashore  by 
hurricanes  can  cause  as  much  dam¬ 
age  to  underground  lines  as  winds 
do  to  the  overhead  variety. 

Even  pro-reliability  watchdogs 
such  as  NERC  don’t  advocate  the 
use  of  underground  power.  "We 
push  for  a  more  reliable  system,  yes, 
but  we  do  not  as  a  general  rule  push 
for  utilities  to  build  underground  lines 


■n 

rather  than  aerial  transmission  poles,” 
said  Johnson. 

A  dense  underground  power  grid 
can  benefit  data  center  managers  in 
urban  areas  by  letting  them  tap  into 
lines  two  or  more  times  for  redun¬ 
dancy.  “That’s  the  Holy  Grail  for  data 
centers,  if  you  can  do  that,”  said  Jeff 
Biggs,  vice  president  of  operations 
and  engineering  at  data  center  op¬ 
erator  Peak  10. 

But  many  data  centers  are  migrat¬ 
ing  to  suburban  or  rural  locations. 

In  those  areas,  Pieper  said,  “as  the 
electricity  arrives  from  the  generat¬ 
ing  plant,  I  can  tell  you  it’s  all  going 
to  be  up  in  the  air  somewhere.” 

-ERIC  LAI 
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Adobe  Set  to  Issue  Patches  for 
Web-based  Acrobat,  Reader  Raws 


PDFs  in  Firefox 
most  vulnerable; 
upgrading  advised 

BY  JAIKUMAR  VIJAYAN 

Adobe  Systems  Inc.  this  week 
plans  to  issue  patches  for  re¬ 
cently  disclosed  vulnerabili¬ 
ties  in  its  widely  used  Adobe 
Reader  and  Acrobat  software. 

Security  analysts  noted  that 
the  flaws  can  be  easily  exploit¬ 
ed  —  any  Web  site  hosting 
PDF  files  can  be  used  to  carry 
out  an  attack. 

The  flaw  affects  Adobe 
Reader  and  Acrobat  Versions 
7.0.8  and  older  running  in  the 
open-source  Firefox  browser, 
and  Adobe  6.x  and  older  ver¬ 
sions  running  in  Microsoft 
Corp.’s  Internet  Explorer, 
analysts  said. 

The  vulnerability  was  dis¬ 
covered  by  a  pair  of  research¬ 
ers  in  Italy,  Stefano  Di  Paola  of 
the  University  of  Florence  and 


Giorgio  Fedon,  a  security  con¬ 
sultant  at  Milan-based  Emaze 
Networks  SpA. 

A  spokesman  for  San  Jose- 
based  Adobe  said  the  flaw 
allows  “remote  attackers  to 
inject  arbitrary  JavaScript  into 
a  browser  session.” 

In  an  e-mail,  Pam  Deziel, 
director  of  Adobe’s  platform 
business  unit,  said  that  users 
can  “address  the  issue  im¬ 
mediately”  by  upgrading  to 
Adobe  Reader  8  and  Acrobat  8. 

“Acrobat  and  Reader  custom¬ 
ers  who  wish  to  stay  with  their 
current  version  can  use  their 
browser  preferences  to  dis¬ 
able  the  Reader  plug-in  from 
opening  within  the  browser,” 
Deziel  added. 

Open  Access 

Researchers  said  the  flaw  is 
located  in  an  Adobe  Reader 
feature  called  Open  Param¬ 
eters,  which  allows  additional 
commands  to  be  sent  to  the 


program  when  opening  a  PDF 
file.  The  feature  allows  users 
“to  open  a  PDF  file  using  a  URL 
or  a  command  that  specifies 
both  the  file  to  be  opened,  plus 
actions  to  be  performed  once 
the  file  is  opened,”  according 
to  Adobe. 

Security  analysts  said 
the  problem  was  likely  cre¬ 
ated  because  Adobe  failed  to 
properly  validate  the  kind  of 
actions  that  can  be  initiated 
using  the  commands,  provid¬ 
ing  attackers  with  a  way  to  run 
malicious  JavaScript  code  on  a 
user’s  browser. 

Ken  Dunham,  director  of 
VeriSign  Inc.’s  iDefense  rapid 
response  team  in  Reston,  Va., 
said  an  attacker  could  use  the 
flaw  to  create  a  hostile  Web 
site  with  a  link  to  PDF  files 
on  a  bank’s  Web  site.  The  link 
could  contain  malicious  com¬ 
mands  that  would  be  executed 
when  the  PDF  file  was  opened 
in  a  user’s  browser,  he  said. 


“Instead  of  clicking  on  a  link 
to  get  a  PDF  file,  you  get  more 
than  you  bargained  for  —  the 
execution  of  hidden  JavaScript 
statements”  on  the  user’s 
browser,  Dunham  said. 

Such  malicious  JavaScripts 
could  be  used  to  steal  cookies, 
session  keys  and  Web  brows¬ 
ing  data,  he  noted. 

Since  the  scripts  would 
appear  to  be  running  in  the 
context  of  the  Web  sites  from 
which  the  PDFs  were  loaded, 
victims  would  be  unlikely  to 
suspect  or  detect  suspicious 
activity,  said  Billy  Hoffman, 
lead  research  engineer  at  SPI 
Dynamics  Inc.  in  Atlanta. 

Such  cross-site  scripting  is 


Work-around 


Client-side  work-around 
for  the  Adobe  flaw: 

■  Remove  plug-in  support  for 
i  PDF  files  within  the  browser. 

a. 

. . 

■  Disable  JavaScript. 

. 

■  Configure  PDF  files  to  launch 
the  Adobe  Acrobat  program 
instead  of  the  plug-in. 


usually  the  result  of  server- 
side  security  failures,  Hoffman 
said.  With  the  Adobe  flaw, 
however,  any  company  that 
hosts  a  PDF  file  on  its  Web 
site  could  find  its  site  and  its 
PDFs  co-opted  in  an  attack,  re¬ 
gardless  of  security  measures 
taken,  he  said. 

There  is  a  strong  likelihood 
that  the  flaw  will  be  attacked, 
because  the  Adobe  software  is 
widely  used  and  the  flaw  can 
be  easily  exploited,  Dunham 
said.  However,  the  impact  of 
attacks  will  likely  remain  low 
in  the  short  term,  he  added. 
“We  don’t  see  anything  more 
significant  than  stealing  cook¬ 
ies  and  session  data  and  that 
sort  of  thing,”  he  said. 

Dunham  did  note  that 
some  analysts  are  wondering 
whether  a  cross-site  script¬ 
ing  worm  could  be  created 
to  take  advantage  of  the  flaw. 
However,  such  a  development 
appears  unlikely,  at  least  in 
the  short  term,  he  added.  But 
for  the  moment,  this  remains 
“unproven,  undeveloped  and 
relatively  unlikely  at  this  time,” 
he  said.  » 


Census  to  Start  Small  on  Handheld  Rollout 

In  midst  of  S600M  project,  agency 
will  deploy  first  1,400  devices  in  May 


BY  MATT  HAMBLEN 

The  U.S.  Census  Bureau’s 
planned  $600  million  roll¬ 
out  of  handheld  computers 
is  scheduled  to  start  in  May, 
when  the  agency  expects  to 
deploy  1,400  devices  for  use  in 
updating  addresses  in  prepara¬ 
tion  for  the  2010  census. 

A  Census  Bureau  spokes¬ 
man  and  officials  at  the  proj¬ 
ect’s  prime  contractor,  Harris 
Corp.,  said  last  week  that  the 
handheld  deployment,  which 
was  announced  last  April,  is 
moving  forward  on  schedule. 
The  agency  will  eventually 
roll  out  500,000  devices. 

Harris  demonstrated  the 
handhelds  to  50  Census 
Bureau  officials  on  Dec.  14, 
transmitting  data  over  a  Sprint 
wireless  network,  said  Mike 
Murray,  vice  president  of  cen¬ 
sus  programs  at  the  vendor’s 


government  communications 
systems  division.  Murray  said 
the  initial  1,400  handhelds  will 
be  used  in  a  dress  rehearsal 
of  address  updates  in  two  test 
markets  during  May  and  June. 

As  the  rollout  progresses, 
the  devices  will  be  used  to  up¬ 
date  addresses  nationwide  in 

2009  and  will  then  be  used  in 

2010  to  input  information  dur¬ 
ing  a  canvass  of  homes  whose 
residents  fail  to  submit  paper 
census  surveys,  according  to 
Murray.  In  all,  census  takers 
equipped  with  the  handhelds 
might  visit  as  many  as  50  mil¬ 
lion  homes,  he  said. 

Census  Bureau  officials  have 
been  requesting  changes  in 
the  functionality  of  the  hand¬ 
helds  “almost  daily,”  Murray 
said.  For  example,  the  plans 
for  the  Field  Data  Collection 
Automation  project  originally 


called  for  the  use  of  finger¬ 
print  authentication  only.  But 
a  second  level  of  end-user 
authentication  —  passwords 
—  has  since  been  added. 

The  handhelds  will  run 
Windows  Mobile  5.0  on  hard¬ 
ware  made  by  High  Tech 
Computer  Corp.  in  Taiwan. 
The  devices  are  based  on 
consumer  technology  that  has 
been  customized  and  made 
semirugged.  They  include  a 
10-hour  battery  and  a  cellular 
data  radio.  A  phone  line  port 
v  is  also  being 
built  in  for 
backup 


The  Census 
Bureau’s  hand 
helds  are  based  on 
customized  consumer 
hardware  that  has  been 
made  semirugged. 


purposes  if  wireless  connec¬ 
tions  aren’t  available,  and  the 
handhelds  will  be  equipped 
with  GPS  mapping  informa¬ 
tion  to  help  census  takers  find 
addresses. 

Census  Bureau  officials  have 
said  the  use  of  the  handhelds 
will  result  in  greater  efficiency 
for  field  workers  who  tradi¬ 
tionally  have  carried  paper 
address  lists.  The  officials  said 
they  also  expect  the  project  to 
save  the  government  millions 
of  dollars  by  shortening  the 
time  it  takes  workers  to  gather 
data,  improving  the  informa¬ 
tion’s  accuracy  and  reducing 
the  need  to  process  paper  cen¬ 
sus  forms. 

The  Census  Bureau  spokes¬ 
man  declined  to  comment  in 
detail  about  the  handheld  proj¬ 
ect.  He  also  wouldn’t  address 
questions  about  potential 
funding  issues,  beyond 
referring  back  to  con¬ 
gressional  testimony 
last  July  in  which  Cen¬ 
sus  Bureau  Director  Louis 
Kincannon  said  that  recent 
legislative  actions  were  forc¬ 


ing  the  agency  “to  question 
key  operational  and  design 
considerations”  for  projects 
such  as  the  handheld  rollout. 

In  July,  the  U.S.  House  and 
Senate  both  passed  proposed 
fiscal  2007  budgets  that  re¬ 
duced  the  White  House’s 
funding  request  for  the  Census 
Bureau.  But  none  of  the  reduc¬ 
tions  have  taken  effect  because 
Congress  later  approved  a  con¬ 
tinuing  resolution  that  keeps 
the  federal  budget  at  the  same 
level  it  was  at  during  fiscal 
2006,  at  least  through  Feb.  15. 

Sen.  Tom  Coburn  (R-Okla.) 
has  questioned  the  need  for 
the  handheld  program  and 
criticized  the  Census  Bureau 
for  not  putting  census  surveys 
online.  “It’s  ludicrous  not  to 
move  the  census  online,”  said 
John  Hart,  a  spokesman  for 
Coburn.  “Millions  of  people 
already  file  their  taxes  online.” 

But  Murray  said  many 
Americans  still  lack  Internet 
access,  making  it  important  for 
the  Census  Bureau  to  continue 
visits  by  census  takers  —  and 
the  handheld  project.  * 
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Losing  Candidate  Appeals 
Florida  E-voting  Decision 

Judge  prohibits  access  to  source  code 
of  ES&S  touch-screen  machines 


BY  MARC  L.  SONGINI 

HE  LOSING  candi¬ 
date  in  the  Nov.  7 
election  to  repre¬ 
sent  Florida’s  13th 
Congressional  District  has 
appealed  a  state  judge’s  rul¬ 
ing  that  the  source  code  of 
e-voting  machines  used  in  the 
disputed  contest  cannot  be 
examined. 

Democrat  Christine  Jen¬ 
nings,  who  lost  the  race,  last 
week  filed  an  appeal  of  Leon 
County  Circuit  Court  Judge 
William  Gary’s  Dec.  29  ruling 
that  the  source  code  in  the 
Election  Systems  &  Software 
Inc.  (ES&S)  iVotronic  e-voting 
machines  can’t  be  indepen¬ 
dently  examined.  Jennings 
sought  the  tests  to  determine 
whether  the  machines  mal¬ 
functioned  during  the  election. 

“The  issue  is  whether  pri¬ 
vate  profit  and  trade  secrets 
should  trump  the  public  inter¬ 
est,”  said  Kathy  Vermazen,  a 
spokeswoman  for  Jennings. 

Jennings  had  filed  suit  about 
two  weeks  after  the  election, 


contending  that  problems  with 
the  machines  were  the  prima¬ 
ry  reason  why  18,000  ballots 
cast  — 15%  of  the  total  —  did 
not  include  a  vote  in  the  dis¬ 
puted  congressional  contest. 

Jennings  lost  the  election  by 
369  votes  to  Republican  Vern 
Buchanan. 

In  the  suit,  Jennings  argued 
that  the  votes  allegedly  not 
counted  by  faulty  machines 
would  have  reversed  the  elec¬ 
tion’s  outcome.  The  suit  asked 
the  court  to  declare  Jennings 
the  winner  or  require  that  a 
new  election  be  held. 

Vermazen  said  backers  of 
the  lawsuit  have  suggested 
that  technical  glitches  may 
have  occurred  during  the 
transfer  of  votes  from  the 
touch-screen  ballot  to  the  ma¬ 
chines’  memory. 

An  ES&S  witness,  Michael 
Herron,  an  associate  professor 
of  government  at  Dartmouth 
College,  told  the  court  that  the 
problems  were  likely  caused 
by  flawed  ballot  design. 

Jennings  maintained  in  the 


lawsuit  that  the  size  of  the  so- 
called  undervote  indicates  that 
there  was  likely  a  technical 
problem  with  the  machines. 

The  suit  sought  to  allow 
experts  selected  by  Jennings 
to  examine  the  source  code 
of  the  machines  to  determine 
whether  glitches  had  occurred. 

Gary  ruled  that  Jennings 
and  district  voters  who 
brought  the  lawsuit  sought 
access  to  ES&S  trade  secrets 
“based  on  nothing  more  than 
speculation  and  conjecture.” 
Allowing  access  to  the  iVot¬ 
ronic  source  code  “would 
result  in  destroying  or  at  least 
gutting  the  protections  af¬ 
forded  those  who  own  trade 
secrets,”  the  judge  wrote. 


Judge  William  Gary  based  his  rul¬ 
ing  in  the  case  at  the  Leon  County 
courthouse  on  ES&S’s  right  to 
protect  its  trade  secrets. 


In  addition,  Gary’s  decision 
noted  that  the  machines  were 
tested  twice  by  the  Florida 
Division  of  Elections  after  the 
election  and  were  found  to 
compile  votes  accurately. 

“No  one  is  suggesting  the 
[iVotronic]  material  be  turned 
over  to  the  public  or  put  on  the 
Internet  or  made  available  in 
any  way,”  said  Matthew  Zim¬ 
merman,  staff  attorney  at  San 
Francisco-based  advocacy 
group  the  Electronic  Frontier 
Foundation  and  a  plaintiff  in 
the  lawsuit.  “We’re  just  ask¬ 
ing  for  the  ability  to  look  at 
the  machines  and  perform  an 
investigation.  If,  at  the  end  of 
the  day,  we’ve  found  nothing, 
that’s  the  end  of  the  story.” 

In  an  e-mail  exchange,  a 
spokeswoman  for  Buchanan, 
citing  the  successful  test  of  the 
machines  following  the  elec¬ 
tion,  said  that  Jennings’  case 
“has  no  merit.” 

ES&S,  a  co-defendant  in  the 
suit,  maintains  that  the  equip¬ 
ment  in  question  worked  well 
in  the  election.  “There  is  al¬ 
ready  public  scrutiny  for  every 
element  of  the  voting  system, 
including  the  source  code,”  said 
a  spokesman  for  the  Omaha- 
based  vendor.  “Unfortunately, 
it  appears  the  plaintiffs  only 
believe  it’s  a  fair  review  if  they 
themselves  conduct  it.”  » 


Grant  Gross  of  the  IDG  News 
Service  contributed  to  this  story. 


SpectraLink  Offers  Full  Wi-Fi  Support  in  New  Line  of  Phones 


BY  MATY  HAMBLEN 

SpectraLink  Corp.  last  week 
announced  a  pair  of  wireless 
telephones  that  support  all 
three  Wi-Fi  radio  standards 
and  have  double  the  battery 
life  of  previous  models,  offer¬ 
ing  end  users  as  much  as  eight 
hours  of  talk  time. 

SpectraLink  has  been  in  the 
voice-over-wireless  business 
since  1999,  and  the  NetLink 
8000  series  phones  are  its 
fourth  generation  of  devices, 
said  Ben  Guderian,  the  Boul¬ 
der,  Colo.-based  company’s 
vice  president  of  marketing. 
But  the  NetLink  8000s  are  the 
first  new  models  released  by 
SpectraLink  since  mid-2003. 

The  NetLink  8020  is  priced 


at  $595,  while  the  8030,  which 
includes  push-to-talk  capabili¬ 
ties,  will  sell  for  $675.  Both  are 
scheduled  to  ship  this  quarter. 

John  Tuman,  director  of 
network  services  at  WakeMed 
Health  &  Hospitals  in  Raleigh, 
N.C.,  said  the  new  phones  in¬ 
terest  him  as  possible  replace¬ 
ments  for  about  600  exist¬ 
ing  SpectraLink  models 
that  have  a  shorter  bat¬ 
tery  life. 

The  phones  now  be¬ 
ing  used  at  WakeMed, 
which  bought  them 
from  Nortel  Networks 
Ltd.  under  a  reseller 
deal,  provide  four 
hours  of  talk  time. 

Many  nurses  and 


other  health  care  workers 
carry  a  second  battery,  so  they 
can  use  the  phones  for  eight 
hours.  But  battery  life  is  still  a 
problem  if  they  work  a  12-hour 
shift,  Tuman  noted. 

The  new  phones  are  appeal¬ 
ing  because  “we’re  looking  for 
extended  battery  life,”  he  said. 
Moreover,  the  NetLink 
8000s  are  “much  bet¬ 
ter-looking  and  slightly 
smaller”  than  the  previ¬ 
ous  ones  were,  Tuman 
added,  and  they  are  re¬ 
sistant  to  liquids,  which 
would  make  them  practi¬ 
cal  in  hospital  settings. 

The  NetLink  8000  phones  sup¬ 
port  each  of  the  three  current 
Wi-Fi  standards. 


SpectraLink’s  earlier  phones 
supported  only  the  802.11b  Wi¬ 
Fi  standard,  but  the  new  mod¬ 
els  can  accommodate  802.11a 
and  802.11g  as  well.  That  offers 
greater  flexibility  to  IT  man¬ 
agers  who  must  provide  clear 
communication  capabilities  to 
their  users,  said  Craig  Mathias, 
an  analyst  at  Farpoint  Group 
in  Ashland,  Mass.  He  added 
that  as  far  as  he  knows,  Spec¬ 
traLink  is  the  first  vendor  to 
support  all  three  Wi-Fi  stan¬ 
dards  in  a  single  phone. 

Mathias  predicted  that 
phones  supporting  voice  over 
Wi-Fi  will  one  day  become 
the  norm,  because  they  allow 
workers  to  move  about  freely 
and  avoid  making  toll  calls. » 


Pelosi:  Disputed 
House  Seat  Is 
Still  Up  for  Grabs 

THE  SWEARING  IN  of  Repub¬ 
lican  Vern  Buchanan  as  U.S. 
Representative  in  Florida’s  13th 
District  doesn’t  ensure  that 
he  will  serve  a  full  two-year 
term,  said  new  House  Speaker 
Nancy  Pelosi  late  last  week. 

In  response  to  questions 
from  Rep.  Rush  Holt  (D-N.J.), 
Pelosi  said  the  seating  of 
Republican  Buchanan  won't 
affect  a  lawsuit  filed  by  his  rival 
in  the  race.  Democrat  Christine 
Jennings,  that  is  seeking  to 
overturn  the  results. 

In  November,  Jennings  filed 
a  lawsuit  against  state  elec¬ 
tions  officials  contending  that 
problems  with  ES&S  iVotronic 
touch-screen  systems  threw 
the  election  to  Buchanan  in 
error.  Buchanan  won  the  elec¬ 
tion  by  369  votes. 

“The  seating  of  this  member- 
elect  is  entirely  without  preju¬ 
dice  to  the  contest  over  the 
final  right  to  that  seat  that  is 
pending  under  the  statute  and 
will  be  reviewed  in  the  ordinary 
course  in  the  Committee  on 
House  Administration,"  Pelosi 
said  on  Thursday  while  presid¬ 
ing  over  the  House  of  Repre¬ 
sentatives  for  the  first  time. 

In  a  statement,  Holt  said 
that  “there  is  compelling  evi¬ 
dence  that,  had  all  the  votes 
been  counted,  the  result  [in 
Sarasota  County]  would  have 
been  different.  It  is  incumbent 
on  the  House  to  resolve  this 
situation  and  ensure  that  the 
rightful  winner  is  seated.” 

Holt,  a  critic  of  paperless 
electronic  voting  systems,  has 
stated  that  he  intends  during 
the  current  House  session  to 
promote  legislation  that  will 
require  all  e-voting  machines 
to  produce  a  paper  trail. 

A  spokeswoman  for  Bu¬ 
chanan  disagreed  with  Pelosi’s 
conclusion,  noting  that  there 
is  nothing  in  the  House  rules 
or  the  U.S.  Constitution  that 
provides  for  a  provisional,  con¬ 
ditional  or  temporary  swearing 
in  of  a  representative. 

-  MARC  L.  SONGINI 
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IBM,  Siemens  Finally 
Win  Military  IT  Pact 

BERLIN 

HE  German  Federal  Armed  Forc¬ 
es,  or  Bundeswehr,  has  awarded  a 
10-year  IT  modernization  and 
management  contract  worth  €7.1  bil¬ 
lion  ($9.4  billion  U.S.)  to  IBM  and  Sie¬ 
mens  AG  after  more  than  three  years 
of  negotiations  with  various  vendors. 

The  IT  work  planned  under  the  so- 
called  Herkules  contract,  which  was 
awarded  Dec.  28,  will  be  handled  by 
a  newly  formed  joint  venture  based 
in  Meckenheim,  Germany.  IBM  and 
Siemens  own  50.1%  of  the  venture,  and 
the  remainder  is  held  by  the  German 
government. 

IBM  will  be  responsible 
for  modernizing  the  Ger¬ 
man  army’s  data  centers 
and  running  applications 
such  as  Notes  and  SAP 
AG’s  ERP  and  supply  chain 
management  software. 

Siemens  will  upgrade  and 
operate  the  Bundeswehr’s 
IT  equipment,  which  in¬ 
cludes  about  140,000  PCs, 

7,000  servers,  300,000 
fixed-line  phones  and 
15,000  cell  phones. 


IBM,  Siemens  and  then-partner 
Deutsche  Telekom  AG  initially  bid  for 
the  contract  in  2002.  At  that  time,  the 
military  selected  a  bid  from  a  rival  con¬ 
sortium  called  Isic  21.  But  the  armed 
forces  and  Isic  21  failed  to  agree  on 
financial  terms,  so  IBM  and  Siemens, 
without  Deutsche  Telekom,  submitted 
new  bids. 

■  JOHN  BLAU.  IDO  NEWS  SERVICE 

Amsterdam  Set  to  Test 
Linux  on  Its  Desktops 

AMSTERDAM 

HE  CITY  of  Amsterdam  plans 
to  test  open-source  software  on 
desktop  computers  in  two  munic¬ 
ipal  departments  during 
the  first  half  of  this  year. 

In  a  statement  released 
late  last  month,  the  city 
said  it  doesn’t  plan  to 
fully  phase  out  the  use 
of  proprietary  software. 
But,  it  added,  the  testing 
is  expected  to  lead  to  cut¬ 
backs  in  the  scope  of  its 
current  desktop  software 
contract  with  Microsoft 
Corp.  That  contract  is 
scheduled  to  expire  at  the 
end  of  next  year. 


As  part  of  the  first  open-source  tests, 
Amsterdam’s  public  housing  service 
and  the  local  authority  for  the  borough 
of  Zeeburg  will  run  Linux  on  their 
desktop  PCs,  according  to  a  spokes¬ 
woman  for  the  city  authority. 

■  PETER  SAYER,  IDG  NEWS  SERVICE 


Taiwan  Allows  Chip 
Investments  in  China 

TAIPEI 

HE  GOVERNMENT  of  Taiwan  has 
approved  plans  by  three  chip 
makers  to  invest  funds  in  China, 
marking  a  significant  easing  of  regula¬ 
tions  for  the  Taiwanese  IT  industry. 

Taiwan  has  long  limited  investments 
in  China  by  domestic  chip  makers  be¬ 
cause  of  concerns  that  their  technolo¬ 
gies  might  end  up  being  used  by  the 
Chinese  military. 

But  late  last  month,  the  Taiwanese 
government  approved  a  request  by 
Powerchip  Semiconductor  Corp.  to 
build  a  $410  million  memory  chip 
factory  in  China.  A  similar  proposal 
by  ProMOS  Technologies  Inc.  for  a 
$365  million  plant  was  also  approved. 
And  Advanced  Semiconductor  Engi¬ 
neering  Inc.  received  the  green  light 
to  invest  $60  million  in  Global  Ad¬ 
vanced  Packaging  Technology  Ltd.,  a 
maker  of  low-end  chip  assemblies  in 
Shanghai . 

■  DAN  NYSTEDT.  IDG  NEWS  SERVICE 


Compiled  by  Mike  Bucken. 


Briefly  Noted 

BenQ  Mobile  GmbH  failed  to  meet 
an  end-of-the-year  deadline  to  find 
a  buyer,  leading  a  German  court 
to  begin  insolvency  proceedings 
against  the  Munich-based  mobile 
phone  maker.  “Production  will  now 
wind  down,”  said  a  spokesman  for 
the  company’s  insolvency  adminis¬ 
trator.  BenQ  Mobile  has  about  1,000 
employees  remaining  at  plants  in 
Munich  and  two  other  German  cities 
after  previously  cutting  2,000  jobs. 
■  JOHN  BLAU.  IDG  NEWS  SERVICE 


The  Electronics  Corporation  of  Tam¬ 
il  Nadu  Ltd.,  a  government-owned 
provider  of  IT  services  to  the  Indian 
state  of  Tamil  Nadu,  plans  to  replace 
its  Microsoft  server  and  desktop 
software  with  Linux  and  other 
open-source  products.  The  Chennai- 
based  company,  known  as  Elcot,  is 
turning  to  open  source  to  cut  costs 
and  improve  security  and  ease  of 
use,  said  its  managing  director. 

■  JOHN  RIBEIR0.  IDG  NEWS  SERVICE 


Fairchild  Semiconductor  Corp.  has 
launched  a  $200  million  tender  of¬ 
fer  for  Taipei-based  System  General 
Corp.  Both  companies  develop  chips 
used  to  manage  power  in  digital  de¬ 
vices.  South  Portland,  Maine-based 
Fairchild  said  it  expects  to  hire  all 
250  of  System  General’s  employees. 
■  DAN  NYSTEDT,  IDG  NEWS  SERVICE 


GLOBAL  FACT 


The  number  of  Chinese 
citizens  with  Internet 
access  at  the  end  of 
2006,  up  from 
123  million  last  June. 

SOURCE;  XINHUA  NEWS 
AGENCY  AND  CHINA  INTERNET 
NETWORK  INFORMATION 
CENTER.  BEIJING 


Another  H-1B  Fight  Looms  in  Congress 


BY  PATRICK  THIBODEAU 

As  the  new,  Democrat- 
controlled  Congress  took  of¬ 
fice  last  week,  Elena  Park,  im¬ 
migration  practice  leader  at 
Philadelphia-based  law  firm 
Cozen  O’Connor,  had  this 
piece  of  advice  for  companies 
that  want  to  hire  H-1B  visa 
holders:  Move  quickly. 

“The  fact  of  the  matter  is, 
there  is  an  H-1B  blackout,” 
Park  said.  The  blackout  will 
end  in  April,  when  the  U.S. 
Bureau  of  Citizenship  and  Im¬ 
migration  Services  (USCIS) 
begins  taking  applications  for 
visas  to  be  issued  during  the 
federal  government’s  next  fis¬ 
cal  year,  which  starts  in  Octo¬ 
ber.  Park  expects  numerous 
employers  to  file  visa  applica¬ 
tions  as  soon  as  they  can.  “It’s 
sort  of  like  a  race,”  she  said. 


Demand  for  new  H-1B  work¬ 
ers  for  the  current  fiscal  year 
was  so  high  that  the  USCIS 
reached  the  annual  cap  of 
65,000  visas  less  than  two 
months  after  it  began  accepting 
applications,  the  shortest  pe¬ 
riod  ever.  An  additional  20,000 
visas  limited  to  workers  with 
advanced  degrees  from  U.S. 
universities  was  gone  in  four 
months.  The  strong  demand 
likely  means  that  proposals  to 
raise  the  H-1B  cap  will  again 
be  introduced  in  Congress,  ac¬ 
cording  to  officials  from  indus¬ 
try  and  labor  groups. 

H-1B  supporters,  such  as  Jeff 
Lande,  a  senior  vice  president 
at  the  Information  Technology 
Association  of  America,  don’t 
think  Democratic  control  of 
Congress  will  stymie  pro-visa 
lobbying.  Lande  pointed  to  last 


year’s  bipartisan  support  in 
the  Senate  for  a  proposal  to  in¬ 
crease  the  cap  to  115,000  visas. 

But  some  vocal  opponents 
of  the  H-1B  program  took  over 
congressional  seats  last  week, 
including  Sen.  Jim  Webb  (D- 
Va.).  In  a  statement  posted  on 
Policy  Soup,  a  blog  run  by  the 
Fairfax  County  Chamber  of 
Commerce,  Webb  wrote,  “I 
do  not  support  guest  worker 
programs.  This  applies  to 
H-1B  visas,  except  in  the  most 
extraordinary  circumstances. 

I  do  not  believe  the  myth  of 
the  tech  worker  shortage.” 

Some  H-1B  critics  also  plan 
to  seek  improvements  in  the 
way  the  visa  program  operates. 

“The  system  is  worthless,” 
said  Ron  Hira,  vice  president 
of  career  activities  at  IEEE- 
USA,  a  unit  of  the  Institute 


of  Electrical  and  Electron¬ 
ics  Engineers  Inc.  “The  only 
thing  protecting  the  [U.S.] 
workforce  right  now  is  the  cap, 
and  there  is  almost  nothing 
protecting  the  foreign  workers 
from  being  exploited.” 

For  instance,  employers 
that  want  to  hire  workers  who 
have  H-1B  visas  must  attest 
that  they  will  pay  prevailing 
wages  and  include  the  relevant 
wage  data  in  so-called  labor 
condition  applications  (LCA) 


HThe  only  thing  pro¬ 
tecting  the  [U.S.] 
workforce  right  now  is 
the  cap,  and  there  is  al¬ 
most  nothing  protecting 
the  foreign  workers  from 
being  exploited. 

RON  HIRA,  VICE  PRESIDENT  OF 
CAREER  ACTIVITIES,  IEEE-USA 


sent  to  the  U.S.  Department  of 
Labor.  But  the  department’s 
role  in  checking  LCAs  is  lim¬ 
ited  by  law.  It  looks  for  errors 
and  omissions  electronically 
but  doesn’t  have  the  ability  to 
randomly  audit  companies  to 
ensure  that  they  are  comply¬ 
ing  with  the  wage  laws.  In 
addition,  the  agency  can  un¬ 
dertake  investigations  only  in 
response  to  complaints. 

In  a  report  released  last  June, 
the  U.S.  Government  Account¬ 
ability  Office  said  the  Labor 
Department’s  process  for  elec¬ 
tronically  reviewing  LCAs  is 
prone  to  mistakes.  The  GAO 
found  3,229  applications  from 
H-1B  employers  that  reported 
they  were  paying  visa  holders 
less  than  the  prevailing  wage. 

Hira  said  the  IEEE  and  other 
H-1B  critics  want  the  Labor 
Department  to  have  more  au¬ 
thority  to  audit  employers  and 
do  compliance  testing.  * 
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FCC  Approves  $86B 
AT&T /BellSouth  Deal 

AT&T  Inc.  closed  its  S86  billion 
acquisition  of  BellSouth  Corp. 
after  gaining  approval  from 
the  Federal  Communications 
Commission.  The  Dec.  29  FCC 
decision  came  a  day  after  AT&T 
made  concessions,  including  a 
pledge  to  maintain  a  “neutral 
network”  for  two  years.  AT&T 
announced  plans  to  buy  Bell¬ 
South  in  March,  saying  that  it 
expected  the  merger  to  lead  to 
$2  billion  in  annual  savings. 


Google  Fixes  E-mail 
Contact  List  Raw 

Google  Inc.  has  fixed  a  flaw 
that  would  have  allowed  Web 
sites  to  harvest  data  from  Gmail 
contact  lists,  which  could  have 
let  spammers  collect  reams  of 
e-mail  addresses.  Google  fixed 
the  problem  within  30  hours  of 
being  notified,  said  Haochi  Chen, 
a  blogger  who  tracks  the  com¬ 
pany.  Google  confirmed  that  the 
problem  was  fixed. 


Apple  Clears  Jobs 
Of  Wrongdoing 

An  internal  investigation  into 
past  stock-option  grants  at 
Apple  Computer  Inc.  has  found 
that  CEO  Steve  Jobs  was  aware 
of  procedural  irregularities  but 
did  not  benefit  from  the  grants 
or  understand  the  accounting 
implications.  The  results  of  the 
investigation  were  revealed  in 
documents  filed  with  the  U.S. 
Securities  and  Exchange  Com¬ 
mission  late  last  year.  Apple  also 
said  it  wiil  restate  financial  re¬ 
sults  for  2004, 2005  and  2006 
as  a  result  of  the  options  probe. 


Alcatel  Purchases 
Nortel  UMTS  Unit 

Alcatel-Lucent  SA  has  closed  its 
$320  million  acquisition  of  Nor¬ 
tel  Networks  Corp.’s  Universal 
Mobile  Telecommunications  Sys¬ 
tem  unit  after  clearing  regulatory 
hurdles  on  Dec.  31.  About  1,700 
Nortel  employees  are  moving  to 
Alcatel-Lucent,  including  most 
of  the  research  and  development 
team.  The  companies  completed 
the  acquisition  in  November. 


[ON  THE  MARK 


HOT  TECHNOLOGY  TRENDS,  NEW  PRODUCT 
NEWS  AND  INDUSTRY  BUZZ  BY  MARK  HALL 


Authoring  Tools 
tussle  Will . . . 


. . .  get  rowdier  later  this  year.  Few  software  users  gripe 
more  about  their  tools  than  writers.  It  doesn’t  matter 
whether  they’re  publishing  workflow-laden  techni¬ 
cal  docs  or  The  Great  American  Novel;  writers  hold 
strong  views  about  what  they  use.  So  IT  managers 


tread  warily  into  a  den 
of  corporate  writers 
with  the  thought  of 
changing  a  favored 
program.  But  that’s 
exactly  what  (the 
perhaps  appropriately 
named)  MadCap  Soft¬ 
ware  Inc.  wants  you 
to  consider  doing.  The 
San  Diego-based  com¬ 
pany  plans  to  ship  authoring 
software  called  Blaze  in  the 
third  quarter,  going  head  to 
head  with  Adobe  Systems 
Inc.’s  FrameMaker.  MadCap 
CEO  Anthony  Olivier  boasts 
that  Blaze  will  have  a  big 
advantage  because  it  is  built 
on  “a  fresh  code  base”  that 
outputs  native  XML  files. 
Mike  Hamilton,  MadCap’s 
vice  president  of  product 
management,  adds  that 
FrameMaker’s  legacy  code 
makes  getting  XML  files  from 
the  Adobe  software  “a  bit  like 
steering  a  battleship  with  a 
plastic  paddle.”  Blaze  will 
also  include  native  support 
for  Microsoft  Corp.’s  XML 
Paper  Specification  document 


HAMILTON: 

FrameMaker 
sn’t  a  friend  ol 
XML  files. 


format,  Olivier  says. 
Pricing  for  Blaze  has 
not  yet  been  set. 

Blogs  may  be 
destined  to . . . 

. . .  take  a  downward  turn. 

Gartner  Inc.  predicts 
that  blogs  will  reach 
their  zenith  this  year, 
then  start  to  slide  in 
popularity.  That  gutsy  fore¬ 
cast  has  made  the  consulting 
and  research  firm  a  common 
target  for  sneers  and  jeers 
within  the  burgeoning  blogo- 
sphere.  And  even  though 
blogs  might  be  a  future  thing 
of  the  past,  Michael  Den¬ 
ning,  vice  president  and  gen¬ 
eral  manager  of  digital  brand 
services 
at  VeriSign 
Inc.,  cautions 
brand¬ 
conscious 
companies 
to  pay  close 
attention  to 
what  blog¬ 
gers  say  about 
them.  Busi¬ 


nesses  need  to  know  not  just 
that  a  self-appointed  wag  is 
ragging  on  their  products  and 
services,  but  also  who’s  read¬ 
ing  the  rant  and  “how  it  influ¬ 
ences  the  reader,”  he  says. 

Although  blogging  is  an  im¬ 
portant  trend 
(at  least  for 
now),  Denning 
says  phishing 
attacks  will 
continue  to 
be  the  biggest 
threat  to  cor¬ 
porate  brands  this  year.  He 
notes  that  60%  of  phishing 
messages  make  illicit  use  of  a 
brand.  Given  the  mayfly-like 
life  spans  of  most  phishing 
sites,  Denning  says,  protect¬ 
ing  yourself  against  them  “is 
not  something  you  can  wait 
for  until  the  next  day  —  next 
hour,  even.”  Needless  to  say, 
he  would  be  delighted  to  chat 
with  you  about  VeriSign’s 
brand-  and  fraud-protection 
services  —  if  you  have  $100k 
or  so  to  spend.  That  is  the 
service’s  average  annual  cost. 

Watch  for  Vista 
gotchas  during . . . 

. . .  upcoming  upgrades.  Many 
IT  managers  pair  an  operat¬ 
ing  system  upgrade  with  the 
addition  of  new  hardware 
to  avoid  the  pain  of  putting 
a  new  operating  system  on 
an  old  PC.  Others  try  to  get 
extra  mileage  from  their  old 
machines  by  souping  them  up 
with  an  improved  operating 
system.  But  with  Windows 
Vista,  the  latter  group  must 
be  aware  of  the  limits  of  their 
old  hardware,  warns  Paul 
Rochester,  CEO  of  PS’Soft 
Inc.,  a  15-year-old  software 
vendor  that  was  acquired  by 
private  investors  in  Novem¬ 
ber  and  has  since  moved  from 
France  to  San  Mateo,  Calif. 
Rochester  says  Vista  sucks  up 
more  system  memory  than 
Windows  XP  and  requires 
better-than-average  graph¬ 
ics  acceleration.  Drivers  will 
need  to  be  updated,  he  adds. 
And  if  you  have  workers  with 


4.5 

Average  num¬ 
ber  of  days  a 
phishing  site 
stays  up,  says 
VeriSign. 


older  laptops,  consider  this: 
“Memory  swap-out  is  much 
trickier”  and  more  time- 
consuming  than  it  is  with 
desktops,  Rochester  says.  If 
you  had  his  company’s  QP  as¬ 
set  management  tool,  you’d  at 
least  know  which  of  your  PCs 
were  Vista-capable  and  which 
ones  weren’t.  QP’s  name  will 
be  changed  as  PS’Soft  shifts 
its  focus  toward  the  U.S. 
market.  “It  stands  for  some¬ 
thing  in  French  that’s  not 
very  meaningful  [in  English],” 
Rochester  explains. 

‘Whafd  ya  do  in 
school  today?’ . . . 

. . .  doesn’t  cut  it  for  parental  in¬ 
volvement  anymore.  At  least  not 
in  school  districts  that  use 
software  from  vendors  such 
as  Maximus  Inc.  in  Reston, 

Va.  Tom  Funk,  the  company’s 
president,  touts  his  Web- 
based  SchooiMax  Enterprise 
software  for  its  ample  array 
of  tools  for  school  administra¬ 
tors.  But  what  he  really  brags 
about  are  the  modules  de¬ 
signed  “to  try  to  get  parents 
involved  in  the  performance 
of  their  kids.”  Funk  claims 
that  grades 
improve 
when  schools 
give  parents 
SchooiMax  ac¬ 
counts  and  let 
them  access 
role-based 
portions  of 
the  software, 
such  as  atten¬ 
dance  records 
or  current  assignments.  This 
year,  Maximus  plans  to  add 
support  for  more  points  of 
access  to  student  informa¬ 
tion,  such  as  kiosks  in  public 
libraries  and  interactive  voice 
response  systems  for  families 
without  PCs  or  online  access. 
One  of  the  biggest  impedi¬ 
ments  to  giving  parents  ac¬ 
cess  to  the  information  is 
parental  concern  about  data 
privacy,  Funk  says.  Er,  does 
that  mean  parents  don’t  trust 
themselves?  * 


FUNK:  Soft¬ 
ware  pulls 
parents  into 
the  education 
process. 


.INFRASTRUCTURE  LOG 

_DAY  22:  We’ve  taken  “add  an  app,  add  a  server”  to 
the  next  level:  complete  insanity.  The  servers 
require  constant  attention.  Our  fingers  are  cramping 
from  rebooting.  Haven’t  left  the  office  in  days. 

_DAY  23:  “insane”  doesn’t  begin  to  describe  it. 
Around-the-clock  maintenance  is  turning  our  staff 
into  an  army  of  zombies.  Hey,  even  the  undead  get 
time  and  a  half. 

_I  don’t  want  to  spend  another  night  in  the  server 
room.  I  want  control.  I  want  an  i. 
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Cisco  Purchases 
Security  Tool  Maker 

Cisco  Systems  Inc.  has  agreed 
to  buy  IronPort  Systems  Inc.,  a 
developer  of  e-mail  and  Web 
security  appliances,  for  about 
$830  million  in  cash  and  stock. 
IronPort,  founded  in  2000,  em¬ 
ploys  about  400  people.  The 
company  will  become  a  busi¬ 
ness  unit  in  Cisco’s  security  and 
technology  group.  The  deal  is 
expected  to  close  in  July. 


MySQL  Set  to  Ship 
Falcon  Alpha  Release 

MySQL  AB  is  set  to  release  the 
alpha  version  of  its  open-source 
Falcon  storage  engine,  which  is 
designed  for  high-volume  Web 
server  environments.  Falcon 
should  be  available  for  download 
this  week,  said  Kaj  Arno,  vice 
president  of  community  relations. 
The  alpha  release  will  be  used 
to  refine  the  storage  engine’s 
features  and  performance  and 
will  be  followed  by  a  beta  version 
focusing  on  bug  fixes,  Arno  said. 
No  timetable  has  been  set  for 
releasing  a  beta  version. 


Arrow  Buys  KeyLink 
For  $485M  in  Cash 

Arrow  Electronics  Inc.  has 
agreed  to  acquire  Agilysys  Inc.’s 
KeyLink  Systems  Group  for 
$485  million  in  cash.  KeyLink,  a 
distributor  of  servers,  storage 
systems  and  software  in  the  U.S. 
and  Canada,  employs  about  500 
people.  The  sale  is  expected  to 
close  within  90  days.  Arrow  also 
signed  a  long-term  procurement 
agreement  with  Agilysys’  Enter¬ 
prise  Solutions  Group,  a  value- 
added  reseller. 


CheckFree  Agrees 
To  Buy  Rival  Firm 

CheckFree  Corp.  plans  to  buy 
payment  processing  rival  Car- 
reker  Corp.  for  about  $206  mil¬ 
lion  in  an  effort  to  expand  its 
software  and  consulting  opera¬ 
tions.  CheckFree  said  it  hopes 
to  utilize  Carreker’s  expertise  in 
check  conversion  -  the  capture 
and  processing  of  digital  images 
of  paper-based  checks  -  in  its 
payment  processing  systems. 


Continued  from  page  1 

E-health 

of  the  products. 

Hospitals  and  physician 
groups  had  sought  the  exemp¬ 
tions  for  several  years,  con¬ 
tending  that  many  physicians 
can’t  afford  the  software  with¬ 
out  help  from  hospitals. 

Officials  at  some  nonprofit 
hospitals  now  say  that  allow¬ 
ing  hospitals  to  pay  for  such 
software  could  lead  to  a  loss  of 
their  tax-exempt  status. 

Take,  for  example,  Care- 
Spark,  a  Kingsport,  Tenn.- 
based  organization  that  is  de¬ 
veloping  an  electronic  network 
to  allow  health  care  providers 
in  17  counties  in  Tennessee  and 
Virginia  to  share  patient  data. 
Most  of  the  hospitals  affiliated 
with  CareSpark  are  awaiting  a 
ruling  from  the  Internal  Rev¬ 
enue  Service  before  taking  ad¬ 
vantage  of  the  HFIS  exemption. 

According  to  John  Mor¬ 
rissey,  director  of  knowledge 
at  the  National  Alliance  for 
Health  Information  Technol¬ 
ogy  in  Chicago,  the  IRS  has 
yet  to  respond  to  an  American 
Hospital  Association  request 
for  additional  guidance  on  the 
issue.  The  Chicago-based  AHA 


counts  5,000  hospitals,  health 
care  systems,  networks,  other 
providers  of  care  and  37,000  in¬ 
dividuals  among  its  members. 

Liesa  Jenkins,  executive  di¬ 
rector  of  CareSpark,  said  that 
most  of  the  18  hospitals  affili¬ 
ated  with  the  organization  are 
not-for-profits  that  believe  IRS 
approval  is  needed  before  they 
can  provide  financial  assis¬ 
tance  to  individual  physicians 
and  medical  groups. 

“Until  the  IRS  solidly  en¬ 
dorses  the  relaxed  regulations 
for  nonprofit  hospitals  and  for- 
profit  physician  groups,  our 
hospitals  and  physician  groups 
are  not  yet  ready  to  commit  to 
that  path,”  Jenkins  said. 

Tom  Smith,  CIO  at  Evanston 
Northwestern  Healthcare,  a 
not-for-profit  organization 
that  operates  three  hospitals 
in  Chicago’s  suburbs,  said 
Northwestern  is  waiting  for 
the  IRS  ruling  before  it  will 
provide  software  to  its  affili¬ 
ated  physicians. 

He  noted  that  the  HHS  took 
several  years  to  approve  an 
exemption  to  the  federal  fraud 
laws,  so  “we  can  wait  a  while 
longer  to  get  it  right.” 

John  Blair,  president  of  Ta- 
conic  IPA  Inc.,  a  physicians 
network  in  Fishkill,  N.Y.,  said 
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that  the  questions  regarding 
the  IRS’s  stance  “will  prob¬ 
ably  make  some  hospitals  that 
might  have  done  this  sit  on  the 
fence.” 

In  general,  he  said,  “the 
negative  is  a  lot  of  doctors 
know  this  is  coming  ...  so  they 
are  stepping  back  and  waiting 
before  buying  now,  because 
there  may  be  some  additional 
financial  relief  on  the  horizon.” 

Several  years  ago,  Taconic 
started  a  regional  health  in¬ 
formation  organization  called 
the  Taconic  Health  Informa¬ 


tion  Network  and  Community 
(THINC)  in  New  York’s  Hud¬ 
son  Valley  region,  using  seed 
money  from  a  nonprofit  organi¬ 
zation  and  a  $1.5  million  grant 
from  the  federal  government. 

THINC  provides  doctors 
with  monthly  subscription- 
based  access  to  a  database 
containing  lab  results,  pre¬ 
scription  information  and 
other  patient  data. 

In  addition,  THINC  em¬ 
ployer  members  and  insur¬ 
ance  companies  pay  doctors 
additional  fees  for  using  the 
electronic  service. 

The  organization  doesn’t 
have  a  direct  stake  in  the  IRS 
issue  because  of  its  early  start 
in  creating  EMRs,  Blair  noted. 

For  some  hospitals,  the  finan¬ 
cial  burden  of  providing  EMR 
software  to  individual  doctors 
and  small  groups  of  physicians 
is  a  more  important  hurdle 
than  HHS  or  IRS  regulations. 

Pat  Taffe,  CIO  at  North 
Memorial  Health  Care,  a  hos¬ 
pital  in  Robbinsdale,  Minn., 
said  the  HHS  exemption  “just 
shifts  the  burden  from  the 
small,  independent  providers 
to  large  hospitals  and  health 
systems.  We  may  be  larger. 
However,  we  aren’t  financially 
any  better  off.”  » 


CLEARING  THE  PATH  for  hospitals 
to  provide  electronic  medical  record 
technology  to  physician  practices 
has  become  a  key  requirement 
for  meeting  federal  e-health  goals. 
Industry  officials  note  that  hospitals 
can’t  complete  their  own  automation 
efforts  without  access  to  the  patient 
records  of  individual  physicians. 

According  to  John  Morrissey, 
director  of  knowledge  at  the  Na¬ 
tional  Alliance  for  Health  Information 
Technology  (NAHIT),  at  least  70%  of 
health  care  is  delivered  to  patients 
outside  of  hospitals. 

Therefore,  he  said,  hospital  person¬ 
nel  can't  get  complete  patient  histo¬ 
ries  without  access  to  EMRs  compiled 
by  patients’  physicians.  "If  hospitals 
are  automated  to  the  max  and  their 
referring  physicians  are  still  using  pa¬ 
per,  all  they  have  is  a  fairly  expensive 
30%  solution,”  Morrissey  said. 

The  NAHIT  includes  health  care 


providers,  insurance  companies, 
employers  and  IT  companies  that 
are  trying  to  foster  the  adoption  of 
health  care  technology. 

Morrissey  noted  that  hospitals 
need  assurance  that  they  can  pro¬ 
vide  discounted  EMR  technology  to 
physicians  without  penalty. 

“We  now  have  a  well-marked  path 
for  hospitals  of  all  types  to  supply 
technology  and  services  to  doctors 
while  avoiding  arrangements  that 
could  be  judged  illegal,”  Morrissey 
said.  “For  for-profit  hospitals,  that  is 
the  end  of  the  story.  But  for  not-for- 


EMR  Success 

profit  hospitals . . .  there  is  this  hill 
after  the  mountain.” 

He  explained  that  nonprofit  hos¬ 
pitals  must  prove  that  any  software 
contribution  would  provide  a  sub¬ 
stantial  public  benefit  and  contain 
only  an  “incidental”  benefit  to  the 
organization  itself  to  retain  their  tax- 
exempt  status. 

“It  is  gray  enough  for  not-for-profit 
hospitals  to  have  gotten  the  big 
lectures  from  their  legal  counsel,” 
Morrissey  said.  “They  need  to  have 
more  comfort  on  how  the  IRS  sees 
things.” 


The  American  Hospital  Associa¬ 
tion  in  November  requested  a  ruling 
from  the  IRS  about  whether  not- 
for-profit  hospitals  can  provide  dis¬ 
counted  software  to  physicians  and 
remain  tax-exempt.  Morrissey  said 
that  no  ruling  has  yet  been  made.  IRS 
officials  did  not  respond  to  requests 
for  comment  on  the  AHA  move. 

Getting  that  guidance  and 
assuaging  the  fears  of  nonprofit 
hospitals  is  critical  to  speeding  the 
growth  of  EMRs,  he  added.  For 
many  individual  doctors  and  small 
groups  of  physicians,  obtaining 
EMR  software  at  a  discounted  price 
is  “the  only  option  open  to  them,” 
Morrissey  said. 

“There  is  no  movement  yet  in  gov¬ 
ernment  to  provide  any  sort  of  fund¬ 
ing  that  would  produce  any  tipping 
point  whatsoever,”  he  said.  “[Adop¬ 
tion  of  the  software]  is  not  going  to 
happen  unless  there  is  some  way  to 
make  it  affordable  and  attractive.” 

-  HEATHER HAVENSTEIN 


[Adoption  of  the  software] 
is  not  going  to  happen  un¬ 
less  there  is  some  way  to  make  it 
affordable  and  attractive. 

JOHN  MORRISSEY,  NATIONAL  ALLIANCE  FOR 
HEALTH  INFORMATION  TECHNOLOGY 


EMR  Barriers 

Adoption  of  electronic 
medical  records  has  been 
slowed  by: 

■  High  acquisition  costs  and  mi 
aligned  incentives  -  the  average 
EMR  costs  $10,000  to  $12,000 
per  year  per  physician. 

■  The  fact  that  physicians  reap 
only  11%  of  the  savings  from  the 
technology:  the  rest  goes  to  inst 
ance  companies. 

■  Workflow  interruptions  -  EMR 
can  significantly  disrupt  practice 
productivity  when  software  goes  If 

■  A  lack  of  interoperability 


\ 

I  have  control.  I  have  a  System  #.™ 

System  i  gives  you  simplicity.  The  System  i  is  a  complete  business 
system  -  OS,  database,  software,  security  and  storage,  all  in  one. 

System  i  gives  you  freedom.  Thanks  to  the  System  i's  legendary 
reliability,  you’ll  have  more  time  to  focus  on  your  business.  You’re  not  a 
slave  to  the  system  anymore,  because  the  System  i  just. . .  works. 

System  i  gives  you  one-step  security.  The  System  i  is  more 
secure  because  it’s  easier  to  secure.  Its  innovative  one-step  security  is 
specifically  designed  to  be  virus-resistant. 

System  i  gives  you  the  best  of  IBM  in  one  box.  The  System  i  is 
instant  infrastructure,  designed  for  simplicity.  And  you  don  t  need  an  army 
to  manage  it. 


IBM,  the  IBM  logo,  System  i  and  Take  Back  Control  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries  Other  company,  product  and  service  names  ivy 
trademarks  or  service  marks  of  others.  ©2006  IBM  Corporation.  All  rights  reserved. 
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DON  TENNANT 


The  Real  You 


YOU’RE  probably  aware  that  “You”  made 

the  cover  of  Time  magazine’s  latest  “Person 
of  the  Year”  issue,  and  you  may  well  be 
pleased  with  yourself  that  you  made  it. 
Don’t  be.  The  fact  is,  you  don’t  belong  there. 
I  hate  to  burst  the  bubble  that  inflated  when  you 
saw  yourself  in  the  reflective  sheet  on  the  cover  and 
read  that  you  were  chosen  because  “you  control  the 
Information  Age.”  Sorry.  You  don’t. 


I  recognize  that  in 
shooting  down  Time’s 
selection,  I’m  hardly 
breaking  new  ground  —  a 
free-for-all  of  naysaying 
erupts  every  year,  re¬ 
gardless  of  who’s  picked. 

Linux  fanatics  had  to  be 
talked  off  the  ledge  when 
they  saw  Bill  Gates  on  last 
year’s  cover  (he  shared 
the  distinction  with  his 
wife,  Melinda,  and  rock 
singer/activist  Bono). 

The  idea  is  to  recognize 
the  person  or  group  “who,  for  better 
or  worse,  has  most  influenced  events 
in  the  preceding  year.”  According  to 
Time’s  editors,  you  got  the  nod  for 
2006  in  recognition  of  your  role  in  a 
story  that’s  “about  community  and 
collaboration  on  a  scale  never  seen 
before.”  Citing  the  examples  of  Wiki¬ 
pedia,  YouTube  and  MySpace,  Time 
explains  that  the  story  is  “about  the 
many  wresting  power  from  the  few 
and  helping  one  another  for  nothing 
and  how  that  will  not  only  change 
the  world,  but  also  change  the  way 
the  world  changes.” 

What  Time’s  editors  failed  to  rec¬ 
ognize,  however,  is  that  Web  2.0  isn’t 
a  story.  Web  2.0  is  the  telling  of  a 
story.  And  your  role  lies  in  the  telling. 

Naming  you  as  Person  of  the  Year 
for  2006  is  tantamount  to  naming 
Bob  Woodward  and  Carl  Bernstein 
as  Persons  of  the  Year  for  1973  in 
recognition  of  their  Pulitzer  Prize¬ 
winning  Watergate  reporting.  In¬ 
stead,  that  distinction  went  to  John 
J.  Sirica,  the  judge  who,  Time’s  edi¬ 
tors  said,  “forced  Watergate  into  the 
light  of  investigative  day.”  While  it 
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could  be  argued  that  it 
was  actually  Woodward 
and  Bernstein  who  did 
that,  there’s  an  inherent 
danger  of  confusing  the 
story  by  allowing  it  to 
be  entwined  with  those 
who  write  about  it. 

Contrary  to  Time’s 
assertion,  you  do  not 
control  the  Information 
Age.  You  can’t  control 
the  Information  Age  any 
more  than  Woodward 
and  Bernstein  could  con¬ 
trol  Richard  Nixon.  The  age  we  live 
in  is  far  too  complex  and  obsessive, 
sometimes  disturbed,  even  maniacal. 
But  what  you  can  do  to  an  unprec¬ 
edented  degree  is  share  information 
and  ideas  about  the  age  we  live  in 
and  the  events  that  shape  it. 

That  an  unsanctioned  video  of 


Saddam  Hussein’s  Dec.  30  execu¬ 
tion  was  captured  on  an  anonymous 
onlooker’s  cell  phone  camera  and 
viewed  by  more  than  a  million 
people  all  over  the  world  within  a 
day  is  phenomenal.  But  the  onlooker 
had  no  control  over  the  hanging  or 
what  Saddam’s  last  words  would  be 
or  how  he  would  conduct  himself 
as  the  noose  was  slipped  around  his 
neck.  The  onlooker  simply  recorded 
the  event. 

To  be  sure,  in  sharing  that  record¬ 
ing,  he  told  the  world  a  provocative, 
engaging,  accurate  story.  But  the 
story  was  the  hanging.  Perhaps  he 
should  receive  a  Pulitzer  Prize  for  his 
coverage,  but  the  person  who  cov¬ 
ers  an  event  shouldn’t  be  allowed  to 
overshadow  the  newsworthiness  of 
the  event  itself. 

It’s  for  that  very  reason  that  Time 
would  never  select  a  professional 
journalist  as  Person  of  the  Year.  Se¬ 
lecting  the  worldwide  community  of 
citizen  journalists  —  “you” —  sug¬ 
gests  that  Time’s  editors  have  failed 
to  recognize  that  community  as  an 
information  resource  that’s  as  legiti¬ 
mate  as  its  own  reporting  staff.  Citi¬ 
zen  journalists  deserve  that  recogni¬ 
tion,  not  a  “Person  of  the  Year”  label 
that  only  undermines  it.  » 


MICHAEL 

GARTENBERG 

Lessons  of  a 
Corporate 
Blogger 

Blogging  is  no  longer 
the  cutting-edge  phe¬ 
nomenon  it  was  a  few 
years  ago.  In  fact,  many 

executives  (including  CEOs)  at 
mainstream  companies  have  been 
blogging  for  some  time,  some  more 
successfully  than  others.  At  Jupiter, 
we’ve  been  blogging  for  nearly  five 
years,  as  well  as  helping  clients  get 
started  with  blogging.  Along  the  way, 
we’ve  learned  some  lessons  about 
what  works  and  what  doesn’t.  While 
it’s  good  to  learn  from  one’s  own  mis¬ 
takes,  it’s  even  better  to  learn  from 
the  mistakes  of  others. 

1.  Post  early  and  often.  There’s  noth¬ 
ing  worse  than  a  stale  weblog.  If  you 
don’t  think  you  can 
post  something  of 
interest  at  least  once 
a  week  —  and  ideally, 
once  a  day  —  perhaps 
this  isn’t  the  medium 
for  you. 

2.  Link  and  converse. 

Part  of  the  essence 
of  a  blog  is  the  fact 
that  it’s  a  conversa¬ 
tion,  not  just  a  static 
diary.  Don’t  be  afraid 
to  link  to  other  folks 
and  engage  them.  It’s 
a  great  way  to  add 
presence  and,  more 
important,  to  help 
grow  your  reputation. 

Linking  isn’t  enough, 
though;  if  you’re  look¬ 
ing  to  engage,  you 
have  to  actually  add  something  to  the 
dialogue,  not  just  point  to  it. 

3.  Once  it’s  out  there,  it’s  out  there. 
When  blogging,  discretion  truly  is 
the  better  part  of  valor.  As  soon  as 
you  hit  “post,”  potentially  millions  of 
people  all  over  the  world  can  see  your 
words.  That’s  the  power  of  blogs.  But 
your  words  are  going  to  last  a  long 
time,  thanks  to  Google’s  cache  and 
sites  like  Technorati.  There’s  no  such 
thing  as  a  do-over.  If  you  make  a  mis¬ 
take,  the  best  you  can  do  is  apologize 
and  move  on.  So  think  really  hard 
before  you  hit  that  publish  button, 
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and  consider  that  everyone  you  know 
and  quite  a  few  people  you  don’t  know 
will  be  reading  everything  you  say.  I 
am  amazed  when  I  discover  who  reads 
my  corporate  blog,  and  that  knowledge 
makes  me  more  cautious  when  I  post. 

4.  Better  to  be  late  and  right  than  first  and 
wrong.  Many  bloggers  feel  a  need  to  be 
first  to  report  something.  It  feels  good 
to  have  the  scoop  on  something.  Samu¬ 
el  Johnson  said  that  the  vanity  of  being 
entrusted  with  a  secret  is  a  prime  mo¬ 
tive  to  disclose  it.  Keep  private  things 
private,  and  skip  reporting  on  rumors 
(unless,  of  course,  you’re  running  a 
rumor  site). 

5.  Politics  and  religion  don’t  mix  with 
corporate  blogs.  This  seems  to  be  a  no- 
brainer  to  me,  but  it’s  often  ignored. 
Let’s  face  it:  Unless  you’re  blogging  for 
a  religious  or  political  organization, 
there’s  little  to  be  gained  by  blogging 
on  these  subjects.  At  best,  you  net  out 
to  zero;  at  worst,  you  risk  alienating  a 
good  percentage  of  your  readers,  no 
matter  what  position  you  take. 

6.  Comments  are  optional.  Keeping 
comments  open  is  a  lot  of  work,  and 
depending  on  your  industry,  letting 
just  anyone  post  on  your  site  can  be 
a  problem.  We’ve  tried  it  a  few  times, 
but  we’ve  always  shut  it  down  quickly. 
If  folks  want  to  engage,  they  need  to 
get  a  blog  of  their  own  and  link  in  (see 
Rule  2). 

More  and  more,  blogging  isn’t  just 
for  amateurs  and  enthusiasts  in  their 
pajamas  pontificating  about  their  lives. 
It’s  also  a  serious  business  tool.  So 
get  on  board,  and  if  you  are  blogging, 
please  point  me  to  your  site.  * 


BEN  ROTHKE 

Like  Elections, 
E-voting  Must 
Be  Open 

Much  of  the  debate 
over  e-voting  stem¬ 
ming  from  Novem¬ 
ber’s  elections  has  been  like 

the  elections  themselves:  partisan. 

The  pro-e-voting  camp  focuses  on  the 
need  to  get  away  from  feeble  mechani¬ 
cal  voting  machines.  The  other  side 
focuses  on  how  insecure  e-voting  sys¬ 
tems  are  and  says  they  could  threaten 
fair  and  accurate  elections.  The  truth 
is  that  both  camps  are  right. 

The  machinery  of  voting  is  due  for 
an  overhaul.  After  the  hanging-chad 


spectacle  of  2000,  a  con¬ 
sensus  emerged  that  a  new 
voting  technology  was 
needed,  and  moving  to 
e-voting  seemed  compelling. 

The  problem  is  that  nearly 
every  commercial  e-voting 
system  deployed  to  date 
has  been  rushed  to  market 
without  the  level  of  security 
required  for  such  impor¬ 
tant  tools.  Going  digital  for 
digital’s  sake  without  ensur¬ 
ing  that  proper  precautions 
have  been  taken  is  short¬ 
sighted  and,  when  it  comes 
to  e-voting,  a  significant 
threat  to  democracy. 

Secure  electronic  voting 
would  be  possible  if  e-voting  systems 
were  designed  within  the  framework  of 
engineering  based  on  a  common  set  of 
security  features  that  all  vendors  could 
implement.  Such  a  framework  would 
build  security  and  privacy  into  every 
step  of  the  design.  Similar  efforts  have 
been  successful  —  we’re  willing  to 
trust  a  Boeing  777  to  carry  us  over  vast 
stretches  of  ocean  with  just  two  pilots 
and  two  engines  because  it  was  built 


with  extraordinary  design 
and  security  safeguards  in 
place.  Our  e-voting  systems 
deserve  no  less. 

The  problem  is  that 
e-voting  systems  are  imma¬ 
ture,  with  myriad  vendors 
proposing  proprietary  ap¬ 
proaches  and  implementing 
e-voting  in  incompatible 
ways  that  are  confusing  to 
both  those  who  vote  and 
those  who  oversee  elections. 

To  ensure  a  robust  and 
secure  e-voting  system,  the 
U.S.  government  should 
establish  an  open  standard¬ 
ization  process  and  solicit 
input  on  requirements  and 
other  criteria  from  product  manufac¬ 
turers,  standards  organizations,  citi¬ 
zens,  information  security  and  privacy 
experts,  federal,  state  and  local  govern¬ 
ments,  and  others. 

Given  that  a  single  attacker  can  taint 
an  entire  election,  the  process  of  secur¬ 
ing  an  e-voting  system  must  be  open 
for  public  analysis.  The  more  eyes 
that  analyze  e-voting  source  code,  the 
better  we  will  be  able  to  find  and  elimi¬ 


nate  flaws.  As  it  stands  now,  the  e-vot¬ 
ing  vendors  guard  their  proprietary 
software  and  refuse  to  allow  the  public 
to  analyze  it.  This  cavalier,  “trust  me” 
attitude  is  intolerable. 

Don’t  think  for  a  minute  that  opening 
up  the  software  is  an  invitation  for  at¬ 
tack.  Making  source  code  available  for 
analysis  is  a  proven  practice  for  find¬ 
ing  flaws  and  weaknesses.  Such  peer 
review  has  historically  been  one  of  the 
best  ways  to  determine  the  underlying 
security  of  a  system.  A  perfect  example 
of  this  is  the  Advanced  Encryption 
Standard  algorithm,  which  govern¬ 
ments  and  financial  institutions  around 
the  world  use  to  secure  data.  AES  was 
chosen  to  be  a  standard  only  after  years 
of  public  examination  and  analysis. 

“Secure  e-voting”  is  not  an  oxymo¬ 
ron.  Getting  to  that  point  simply  takes 
a  rigorous  open-engineering  approach. 
It  is  up  to  the  voting  public  to  demand 
it,  the  government  to  administer  it  and 
the  vendors  to  deliver  it. » 
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Google  Sets  Record 
Straight  on  Desktop 

AS  PRODUCT  manager  for 
Google  Desktop,  I  wanted  to 
offer  some  information  that  was 
not  included  in  the  Dec.  4  Security 
Manager’s  Journal  [“Stopping 
Data  From  Flying  Off  to  Google”]. 
Both  privacy  and  security  were 
important  considerations  in  the 
development  of  this  feature.  As 
the  article  noted,  Search  Across 
Computers  is  off  by  default, 
must  be  enabled  by  users  on  all 
computers  they  want  to  use  it  on, 
and  requires  them  to  be  logged 
into  their  Google  account  to  use 
it.  Your  readers  should  also  know 
that  indexed  files  are  stored  only 
temporarily  on  Google’s  servers 
until  they  are  transmitted  to  the 
user's  other  computers  as  they 
come  online,  and  no  files  are 
stored  for  more  than  30  days, 
even  if  the  user’s  other  computers 
never  come  online. 

Also,  users  can  clear  all  of 
their  files  at  any  time  by  select¬ 
ing  “Clear  my  files  from  Google” 
from  the  preferences  page.  This 
information  is  protected  using 
SSL,  and  access  to  it  is  restricted 


in  accordance  with  our  privacy 
policy.  Additionally,  by  default 
Google  Desktop  does  not  index 
secure  Web  pages  such  as  online 
banking  sessions  or  password- 
protected  documents  stored  on 
the  user’s  machine. 

Perhaps  the  most  important 
thing  for  your  readers  to  know, 
however,  is  that  IT  administrators 
can  easily  disable  Search  Across 
Computers  on  their  network  by 
simply  blocking  a  specific  URL  or 
setting  a  group  policy.  Moreover, 
all  user-configurable  features  of 
Google  Desktop  can  be  controlled 
or  completely  disabled  by  IT  ad¬ 
ministrators  to  conform  to  corpo¬ 
rate  security  and  information  poli¬ 
cies.  And  all  these  options  apply 
to  both  enterprise  and  consumer 
versions  of  Google  Desktop,  since 
they  are  the  same  binary. 

Kan  Liu 

Google  Desktop  product 
manager,  Sunnyvale,  Calif. 

No  Study  Needed 

SOMEONE  NEEDED  to 

conduct  a  study  to  learn  this 
["Study:  Customers  Don't  Want 
Data  Handled  by  Outside  Vendors,” 


Computerworld.com,  Oct.  24]?  In 
my  company,  our  data  is  our  life. 
We've  spent  millions  collecting  and 
culling  it.  We've  banned  USB  key- 
fobs,  iPods  and  portables  owned 
by  employees.  We’ve  locked  it  all 
down.  Inconvenient?  Yes.  Neces¬ 
sary?  Yes.  And  we  didn’t  need  a 
study  to  figure  that  out. 

James  R.  Earl 

President,  Solutions  in  Design, 
Marshall,  Mich. 

How  to  Succeed  at 
Publishing  E-books 

N  THE  article  "Experts  Debate: 
Is  DRM  Good  or  Bad  for  Con¬ 
sumers?"  [Computerworld.com, 
Nov.  8],  James  Delong  states  that 
instead  of  paying  $30  for  a  new 
book,  consumers  may  soon  be 
able  to  pay  $3  for  a  digital  copy 
that  lets  them  read  it  once. 

He  must  have  never  tried  to  read 
an  e-book.  I  would  never  pay  $3 
for  a  book  I  could  read  only  once. 
The  publishing  field  is  littered  with 
the  remains  of  failed  attempts  at 
electronic  publishing.  None  of 
them  made  money,  and  all  of  them 
used  various  forms  of  DRM.  Only 
one  publisher  has  made  money  at 
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electronic  publishing:  Baen  Books. 
It  doesn’t  use  DRM  at  all.  Its 
books  are  available  in  a  number  of 
formats,  and  you  are  free  to  copy 
them,  move  them  from  machine 
to  machine,  change  formats  and 
even  give  them  to  a  friend  -  all  the 
things  that  cause  other  publishers 
to  scream  about  the  money  they 
would  lose. 

Yet  Baen  makes  money.  The 
authors  make  money.  Why? 
Because  Baen  treats  its  custom¬ 
ers  like  honest  people,  offering  a 
great  product  at  a  fair  price,  with 
few  restrictions.  The  result?  A 
loyal  customer  base  that  has 
increased  by  leaps  and  bounds 
through  word-of-mouth. 

Douglas  Jones 
Indian  Lake,  N.Y. 

COMPUTERWORLD  welcomes 
comments  from  its  readers.  Letters 
will  be  edited  for  brevity  and  clarity. 
They  should  be  addressed  to  Jamie 
Eckle,  letters  editor.  Computer- 
world,  PO  Box  9171, 1  Speen  Street, 
Framingham,  Mass.  01701.  Fax: 
(508)  879-4843.  E-mail:  letters® 
computerworld.com.  Include  an 
address  and  phone  number  for  im  ¬ 
mediate  verification. 


BENROTHKE.CISSP.isa 

senior  security  consultant 
at  International  Network 
Services  and  the  author 
of  Computer  Security:  20 
Things  Every  Employee 
Should  Know  ( McGraw-Hill, 
2006).  You  can  contact 
him  at  ben.rothke® 
ins.com 
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FUTURE  WATCH 

Adapt  or  Die 

As  security  threats  evolve,  systems  will  have  to  become 
adaptive  and  resilient.  So  researchers  are  working  on  adap¬ 
tive  security  measures  such  as  “anomaly  detectors”  and  “virtual  controlled 
burns,”  which  are  deliberate  releases  of  nonvirulent  worms.  PAGE  24 


OPINION 

Moving  Beyond  Hope 
As  a  Backup  Strategy 

Mike  Elgan  says  “faith-based”  backup  plans  can 
lead  to  disaster  for  road  warriors.  The  solution? 
A  USB  drive  in  your  pocket.  PAGE  25 


ARE  YOU  READY? 


For  many  businesses,  the  answer  is 
probably  no. 

Like  many  small  and  midsize  compa¬ 
nies,  Cleveland-based  Kichler  Lighting 
has  yet  to  start  business  continuity 
planning.  “Pandemic  or  otherwise, 
we  have  no  plan  or  structure,  nor  the 
thought  process,  to  address  it,”  says 
CIO  John  Schindler,  adding  that  he’d 
like  to  make  it  a  higher  priority. 

Companies  like  Kichler  are  the 
norm,  not  the  exception,  says  Stephen 
Ross,  national  leader  of  the  business 
continuity  management  practice  at  De- 
loitte  &  Tbuche  LLP  in  New  York.  “The 
vast  majority  of  organizations  have  not 
done  anything,”  he  says.  Even  large 
companies  are  playing  catch-up.  In  a 
Deloitte  survey  of  163  large  companies 
conducted  last  month,  48%  of  respon¬ 
dents  said  their  companies  haven’t 
adequately  prepared  for  a  pandemic. 

14  percentage  points  better  than 
survey  the  previous  year.  But, 
adds,  “while  many  large  compa- 
Continued  on  page  22 
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Monday  morning,  9  A.M. 

The  CEO  calls  you  into  an 
executive  meeting  as  word 
comes  that  a  full-blown 
H5N1  avian  influenza  pan5 
demic  is  spreading  rapidly 
from  central  Asia.  Your 
job:  Keep  mission-critical  IT  systems 
working  despite  staff  absenteeism  rates 
that  could  reach  40%  at  the  height  of 
the  pandemic,  which  is  expected  to  run 
its  course  over  a  period 
to  eight  weeks. 

Supply  chain  disruptions 
are  expected  as  countries 
close  their  borders,  so  you  can’t  count 
on  spare  parts.  With  emergency  travel 
restrictions  in  effect,  you  can  forget 
about  moving  staffers  between  global 
locations  to  cope  with  labor  shortages. 

You  also  need  to  enable  remote  access 
for  an  unprecedented  number  of  em¬ 
ployees  who  will  either  be  out  sick,  car¬ 
ing  for  ill  family  members  or  afraid  to 
come  to  the  office.  You  have  weeks,  pos¬ 
sibly  just  days,  before  the  outbreak  over¬ 
takes  one  of  your  major  data 


If  there's  a  bird  flu  pandemic,  IT  will  be  critical  to  business  continuity. 

So  why  haven’t  more  organizations  started  planning? 
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global,  broadband,  secure. 


Business  is  not  bound  by  geography.  Wireless 
shouldn't  be  either.  With  Cingular's  LaptopConnect 
card,  you  can  work  at  broadband  speeds  here  and 
abroad.  Do  better  business  with  now. 


>  Cingular  is  the  only  U.S.  wireless  provider  to  offer 
a  3G  global  solution  from  a  single  laptop  card. 

>  Largest  national  high-speed  wireless  data 
network  with  mobile  broadband  speeds  in 
over  160  major  markets. 

>  More  secure  than  Wi-Fi  and  with  a  wider  coverage 
area  -  no  hotspots  required. 

>  Fast  and  easy  setup. 


Get  Cingular's  Global  3G 
LaptopConnect  card  for  only 

$4999 

after  $100  mail-in  rebate  debit  card 
with  2-year  service  agreement  on 
Unlimited  Data  Connect  plan. 


Call  1-866-4CWS-B2B  Clickwww.cingular.com/broadbandconnect  Visit  your  nearest  Cingular  store 


X  cingular 

raising  the  barr.iill 


Coverage  not  available  in  all  areas.  Limited-time  offer.  Other  conditions  and  restrictions  apply.  See  contract  and  rate  plan  brochure  for  details.  Subscriber  must  live  and  have  a  mailing  address  within  Cingular’s  owned  network  coverage  area.  Up  to  $36  activation  fee  apah 
price  and  availability  may  vary  by  market  and  may  not  be  available  from  independent  retailers.  Early  Termination  Fee:  None  if  cancelled  in  the  first  30  days;  thereafter  $175.  Some  agents  impose  additional  fees.  Rebate  Debit  Card:  LaptopConnect  card  price  M.v  ■  ■  bate 
debit  card  with  Unlimited  Data  Connect  plan  purchase  is  $149.99.  Allow  10-12  weeks  for  rebate  debit  card.  Rebate  debit  card  not  available  at  all  locations.  Must  be  customer  for  30  consecutive  days.  Must  be  postmarked  by  2/28/07.  Sales  tax  calculated  cased  cn  on  e  0  u.iauioted 
equipment.  ©2007  Cingular  Wireless.  All  rights  reserved. 


Remote  access  is  no  longer  a  perk  for  the  few,  but  a  necessity  for  everyone.  Microsoft®  Exchange 
Server  2007  unifies  e-mail,  v-mail,  and  calendars  into  a  single  system  with  advanced  security  that 
connects  everyone  to  the  information  they  need,  anywhere  they  go.  See  how  companies  are 
giving  more  people  more  access  at  microsoft.com/exchange 


Microsoft' 

Exchange  Server  2007 
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Response  Strategies 


CATEGORIES 


■  Network  reliability 

■HI 


CHALLENGES 


i  Lack  of  data  center  staff 
i  Fixing  application  bugs 
i  Data  loss  and  downtime 


i  Lack  of  local  support  staff 
i  Fixing  application  bugs 
i  Data  loss  and  downtime 


■  Laptop  distribution 

■  VPN  software  distribution 

■  Application  software 


i  Network  reliability 
i  Internet  stability 
i  Gateway  capacity 


i  Call  center  support 
i  Access  to  key  personnel 


Continued  from  page  16 
nies  have  begun  their  pandemic  plan¬ 
ning  efforts,  there’s  still  a  significantly 
large  number  that  have  not.” 

Why  such  inaction?  A  major  pan¬ 
demic  hasn’t  occurred  in  years,  and 
the  probability  of  an  outbreak  this  year 
can’t  be  predicted  with  certainty.  That 
may  lull  businesses  into  a  false  sense 
of  security,  but  the  potential  for  cata¬ 
strophic  losses  makes  planning  vital, 
say  pandemic  experts  and  business  con¬ 
tinuity  planners.  “The  impact  of  this  is 
so  high  that  the  risk  rating  tells  you  this 
must  be  a  priority,”  says  Don  Ainslie, 
global  security  officer  at  Deloitte. 

NOT  IF,  BUT  WHEN 

“The  probability  of  a  pandemic 
outbreak  is  [100%],”  says  Michael  T. 
Osterholm,  director  of  the  Center 
for  Infectious  Disease  Research  and 
Policy  at  the  University  of  Minnesota 
in  Minneapolis.  It’s  just  a  matter  of 
when,  he  says. 

The  World  Health  Organization  has 
already  issued  a  pandemic  alert  for  the 
deadly  H5N1  virus,  although  at  this 
point,  the  virus  still  isn’t  able  to  spread 
directly  between  humans.  “What  we 
need  to  do,”  says  Osterholm,  “is  em¬ 
phasize  to  these  companies  that,  unlike 
many  events  [such  as  tornadoes  and 
earthquakes]  that  may  never  happen  to 
a  company,  this  is  one  that  will.” 

A  flu  pandemic  could  devastate  com- 


POTENTIAL  STRATEGIES 


■  Active-active  server  clusters 

■  Contingent  outsourcing  of 
operations  and  application  support 

■  Real-time  data  replication 

■  Central  or  cross-trained  support 

■  Contingent  outsourcing  of 
application  support 

■  Maintaining  local  backups 

■  Before-the-fact  distribution 

■  Distribution  at  the  time  of  a 
pandemic,  with  pre-established 
distribution  and  pickup  points 

■  Contingent  outsourcing  of 
network  operations 

■  Shift  operations 

■  Increased  gateway  capacity 

■  Contingent  outsourcing 

■  Automatic  forwarding 
of  telephone  calls 

■  Carrier  diversity 


panies  and  the  world  economy.  The 
U.S.  Department  of  Homeland  Security 
estimates  that  worker  absenteeism 
could  reach  30%  to  40%  during  a  pan¬ 
demic’s  peak.  For  a  corporation  with 
about  20,000  employees,  the  cost  of 
lost  labor  and  health  care  could  exceed 
$60  million,  a  Deloitte  study  says. 

Supply  chain  disruptions  in  one  sec¬ 
tor,  such  as  the  oil  and  gas  industry, 
could  have  a  domino  effect,  says  Oster¬ 
holm.  According  to  the  Congressional 
Budget  Office,  a  severe  pandemic  could 


BYTHENUMBERS 

73%  68% 


of  respondents 
surveyed  believe 
a  flu  pandemic 
presents  a  real 
threat  to  the  U.S. 


companies  are 
very  concerned 
about  a  flu 
pandemic. 


52%  45% 


said  their 
companies  have 
adequately 
planned  ways 
to  protect  them¬ 
selves  from  the 
effects  of  a 
flu  pandemic. 


feel  confident 
their  companies 
are  prepared  to 
manage  a 
flu  pandemic 
outbreak 
should 


cost  the  U.S.  economy  more  than 
$600  billion,  or  about  5%  of  the  gross 
domestic  product. 

The  U.S.  hasn’t  seen  a  large-scale 
pandemic  since  the  Spanish  flu  out¬ 
break  of  1918,  when  one-third  of  the 
world’s  population  became  ill  and  at 
least  50  million  people  died,  according 
to  a  government  report.  In  the  worst- 
case  scenario  described  in  a  WHO 
report,  if  H5N1  mutates  directly  into  a 
human-to-human  transmissible  form, 
the  mortality  rate  could  hit  60%  to  65%. 
In  contrast,  the  mortality  rate  in  1918 
was  2.5%. 

“Obviously,  in  that  kind  of  world¬ 
wide  pandemic,  it  would  be  as  cata¬ 
strophic  as  anything  we’ve  ever  seen  or 
known.  We’re  talking  1  billion  —  with  a 
‘b’  —  or  more  deaths,”  Osterholm  says. 

But  other  pandemic  experts  question 
the  probability  of  such  a  deadly  sce¬ 
nario.  Martin  Meltzer,  a  senior  health 
economist  at  the  Centers 
for  Disease  Control  and 
Prevention  in  Atlanta, 
says  there  isn’t  enough 
data  to  make  such  pre¬ 
dictions.  Then  there  are 
mitigating  factors.  “Some 
mathematical  models  sug¬ 
gest  that  if  you  have  a  very 
lethal  strain  of  flu,  it  might 
be  difficult  to  sustain 
transmission,”  meaning 
fewer  people  would  be 
infected,  he  says. 

Nonetheless,  Meltzer 
says  some  sort  of  pan¬ 
demic  is  inevitable,  but 
the  uncertainty  of  when 
it  will  occur  is  affecting 
the  way  companies  plan. 

“What  happens  if  the 
pandemic  doesn’t  occur 
for  two  years?  Will 
everyone  go  home  and 
stop  planning?  That 
would  be  a  complete  di¬ 
saster,”  he  says. 

The  enormity  of  the 
problem  may  lead  some 
organizations  to  conclude  that  there’s 
little  they  can  do.  “There  is  a  real  po¬ 
tential  to  be  overwhelmed  by  the  po¬ 
tential  intensity  of  a  pandemic  and  take 
no  action,”  says  Bill  Raisch,  director  of 
the  International  Center  for  Enterprise 
Preparedness  at  New  York  University. 

But  organizations  need  to  plan  now, 
says  Ainslie.  “There’s  a  lot  you  can  do, 
and  technology  is  a  critical  component 
in  this,”  he  says.  And  the  continuity 
plans  that  businesses  already  have  will 
handle  60%  to  80%  of  the  pandemic 
challenge,  Raisch  says. 

Although  planning  needs  to  take 


Unlike 
many 
events  [such  as 
tornadoes  and 
earthquakes] 
that  may  never 
happen  to  a 
company,  this 
is  one  that  will. 

MICHAEL  T.  OSTER¬ 
HOLM,  DIRECTOR, 
CENTER  FOR  INFECTIOUS 
DISEASE  RESEARCH  AND 
POLICY,  UNIVERSITY 
OF  MINNESOTA 


place  at  the  executive  level,  IT  will  play 
a  key  role.  Companies  must  expand  on 
business  continuity  plans,  which  typi¬ 
cally  assume  that  disasters  will  be  re¬ 
gional  and  affect  infrastructure,  to  deal 
with  a  disaster  that  is  global  and  affects 
staff  resources.  “You  can  easily  modify 
your  existing  business  continuity  plan 
to  handle  this  type  of  disaster,”  says 
Kathy  Sgroi,  manager  of  service  man¬ 
agement  in  the  information  services 
division  at  United  Parcel  Service  Inc. 

Preparations  include  cross-training 
IT  staffers  to  handle  critical  functions 
such  as  hardware  maintenance.  Beyond 
that,  the  IT  department  can  deploy 
e-learning  tools,  expand  remote  access 
gateways  to  support  more  telecom¬ 
muters  and  beef  up  intranet  portals, 
videoconferencing,  Web  conferencing 
and  other  communication  channels 
that  will  keep  employees  informed 
during  an  outbreak.  Ainslie  has  used 
“webinars”  to  educate 
executives  on  the  threat 
and  how  they  should 
respond. 

“The  two  cornerstones 
of  any  plan  are  being 
able  to  communicate  and 
[being  able]  to  receive 
and  distribute  timely  and 
accurate  information  to 
decision-makers,”  says 
Brent  Woodworth,  a 
manager  with  the  crisis 
response  team  at  IBM 
Global  Services. 

Wayne  Rawlins,  na¬ 
tional  medical  director 
and  clinical  lead  for  pan¬ 
demic  planning  at  Aetna 
Inc.,  says  the  company’s 
pandemic  plan  has  been 
“layered”  into  its  crisis 
management  plan. 

The  insurer  recently 
conducted  a  full-scale 
simulation  of  its  plan 
and  is  ready  to  operate 
its  data  centers  at  50% 
staffing  levels,  says  Dana 
Bennett,  head  of  IT  strategy,  planning 
and  business  architecture. 

Aetna  will  use  its  intranet  portal  and 
an  interactive  voice-response  system 
to  communicate  information  to  em¬ 
ployees  and  its  clients  during  an  emer¬ 
gency,  and  it  has  deployed  e-learning 
courseware  for  pandemic  education. 

About  70%  of  employees  are  already 
set  up  for  some  level  of  remote  access, 
Bennett  says.  Aetna  is  also  ramping  up 
its  remote  access  gateways,  which  can 
support  simultaneous  network  access 
for  IT  workers  and  the  10%  of  its  work¬ 
force  who  are  full-time  teleworkers. 
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Globalization  could  magnify  a  pan¬ 
demic’s  effect  on  businesses,  especially 
in  the  U.S.,  says  Ainslie.  “We’re  in  a 
just-in-time  economy.  Everything  is 
offshored  and  outsourced,”  he  says. 

“Thought  ought  to  be  given  as  to 
whether  and  when  to  increase  stock¬ 
piles  of  critical  equipment,”  says 
Deloitte’s  Ross. 

Michael  Rasmussen,  an  analyst  at 
Forrester  Research  Inc.,  says  IT  should 
plan  now  for  supply  chain  disruptions. 
“Spare  parts  and  [things  like]  new  lap¬ 
top  shipments  could  be  restricted  to 
some  degree.  Even  backup  tapes  and 
off-site  storage  could  become  a  chal¬ 
lenge”  as  transportation  bottlenecks 
emerge,  he  says. 

PERSONNEL  SHORTAGES 

Personnel  shortages  won’t  just  affect 
low-level  staffers.  IT  decision-makers 
could  suddenly  become  unavailable. 
One  option  is  to  predefine  task  orders 
or  procedures,  such  as  procurements, 
that  normally  need  several  layers  of 
approval,  says  Woodworth.  “If  you 
can  get  those  preapproved  ...  it  will  be 
easier  to  get  the  things  you  need  in  a 
disaster,”  he  says. 

Companies  like  Kichler  Lighting 
could  feel  the  effects  of  a  pandemic 
well  before  it  hits  U.S.  shores.  A  failure 
of  Kichler’s  back-office  IT  systems 
won’t  stop  the  business  right  away,  but 
the  firm  may  not  have  any  products  to 
ship.  “Most  of  the  company’s  products 
are  manufactured  in  Asia.  If  it  hits 
[there],  we’re  pretty  much  going  to 
have  to  shut  down,”  Schindler  says. 

At  UPS,  the  data  center  is  an  integral 
part  of  operations.  “If  our  computer 
systems  don’t  run,  scanners  in  our  lo¬ 
cations  all  over  the  world  won’t  work. 
Our  revenue  stops  because  our  busi¬ 
ness  stops,”  says  Sgroi. 

Like  most  large  companies,  UPS  can 
remotely  manage  most  aspects  of  data 
center  operations,  with  the  exception 
of  hardware  maintenance.  But  UPS 
also  has  a  plan  for  moving  workloads. 

If  a  major  site  in  Asia  or  elsewhere  goes 
offline,  the  company’s  plan  calls  for  di¬ 
verting  data  to  another  location,  which 
must  have  enough  capacity  to  take  on 
the  added  workload,  Sgroi  says. 

UPS  is  also  adding  a  Web-based  ab¬ 
senteeism  application  to  help  managers 
during  a  crisis.  “During  a  pandemic, 
we  would  need  better  control  over  how 
many  people  are  in  and  out  of  the  of¬ 
fice.  This  doesn’t  exist  today,”  Sgroi  says. 

Ainslie  says  it  isn’t  enough  to  have 
backup  power.  He’s  looking  at  how  to 
keep  running  for  extended  periods 
without  utility  power  or  access  to  fuel 
for  backup  generators.  “You  have  to 


have  enough  [fuel]  for  an  extended  pe¬ 
riod  of  time,  if  practical,”  he  says. 

Sgroi  is  confident  that  IT  can  func¬ 
tion  with  an  absentee  rate  of  25%,  but 
she  says  a  rate  of  40%  would  require 
additional  steps.  Even  Deloitte,  which 
advises  clients  on  pandemic  planning 
and  has  invested  considerable  time  and 
effort  in  its  own  plans,  isn’t  ready  for  a 
40%  absenteeism  rate.  “We  still  have  a 
lot  of  work  to  do,”  Ross  says. 

Organizations  that  have  outsourced 
parts  of  their  IT  operations  should  also 
take  a  hard  look  at  their  collocation 
facilities  and  other  outsourced  IT  ser¬ 
vices,  says  Rasmussen.  “You  need  to  be 
working  with  them  to  make  sure  you 
have  a  right  to  an  audit.  Look  at  their 


business  continuity  plans  and  what 
processes  are  in  place  to  execute  those 
plans,”  he  suggests. 

Although  telecommuting  can  help 
some  staffers  continue  to  work  during 
a  pandemic,  in  some  cases  it  just  isn’t 
practical.  At  Kichler  Lighting,  where 
IT  staffers  are  already  engaged  in  an 
ERP  rollout,  a  project  to  support  re¬ 
mote  access  for  teleworkers  is  at  least 
24  to  36  months  away,  says  Schindler. 

Aetna  isn’t  counting  on  remote  ac¬ 
cess  during  a  pandemic.  Bennett  is 
concerned  that  users  working  from 
home  might  have  extremely  slow  In¬ 
ternet  connectivity  —  or  no  last-mile 
connectivity  at  all  —  if  their  Internet 
service  providers  aren’t  capable  of  han¬ 


dling  the  expected  surge  in  usage. 

The  bigger  problem,  however,  is 
that  many  job  functions  simply  can’t 
be  performed  remotely.  “Sending  ev¬ 
eryone  home  to  telework  isn’t  viable  in 
our  business,”  Bennett  says.  Instead, 
Aetna  is  focusing  on  reducing  work¬ 
place  risks,  by  using  its  intranet  and 
e-learning  systems  to  train  employees 
on  practices  such  as  “social  distancing” 
(staying  three  feet  away  from  others), 
the  use  of  protective  masks  and  gloves, 
and  environmental  cleaning. 

At  other  businesses,  remote  access 
will  be  crucial.  “The  principal  role  of 
the  IT  team  has  been  to  enhance  our 
remote  working  capability,”  says  Den¬ 
nis  Jobin,  managing  director  of  the 
business  continuity  planning  division 
at  The  Bank  of  New  York  Co.  The  bank 
is  also  ramping  up  its  internal  Web  site 
to  support  more  concurrent  users. 

Security  is  a  concern.  Businesses 
may  want  to  distribute  laptops  in  ad¬ 
vance  to  ensure  that  endpoint  devices 
coming  into  the  virtual  private  net¬ 
work  are  properly  secured,  says  Ross. 

Bank  of  New  York  has  a  VPN  but 
is  in  the  final  stages  of  choosing  a 
thin-client,  desktop  application  virtu¬ 
alization  technology  that’s  capable  of 
securely  supporting  remote  access  by  a 
large  population  of  users  working  from 
home.  The  new  system  will  securely 
support  any  computer  equipped  with  a 
browser,  thus  eliminating  worry  about 
the  security  of  home  computers  or  sup¬ 
plying  company  laptops.  Configuration 
and  management  will  all  occur  on  the 
back  end.  “The  solution  we  choose  will 
minimize  or  eliminate  any  visits  to 
people’s  homes,”  says  ]obin. 

Cross-training  employees  can  help 
the  business  cope  with  skills  shortages 
by  making  it  possible  for  remaining 
employees  to  get  critical  tasks  done, 
but  training  must  occur  before  a  pan¬ 
demic  strikes.  “That  has  to  happen 
now.  You  can’t  wait,”  says  Ross. 

But  cross-trained  employees  taking 
on  new  roles  will  need  access  to  dif¬ 
ferent  parts  of  the  company’s  computer 
systems.  “Which  applications  you  can 
use,  which  data  you  have  access  to,  will 
change,”  Ross  says,  and  identity  man¬ 
agement  tools  will  be  critical  to  such 
provisioning  efforts. 

Ultimately,  dealing  with  a  pandemic 
is  a  problem  that  must  be  coordinated 
at  the  executive  management  level 
through  a  cross-functional  team.  “IT  is 
not  the  problem,  nor  the  full  solution,” 
says  Rawlins.  But  it  is  part  of  the  solu¬ 
tion.  And  in  a  true  emergency,  informa¬ 
tion  systems  might  just  be  the  glue  that 
keeps  employees  in  touch  —  and  holds 
the  organization  together.  » 


If  employees  can’t  come 
into  the  office  during  a 
pandemic,  why  not  bring 
the  office  to  them? 

Using  Second  Life,  the 
popular  3-D  virtual  world, 
researcher  Colleen  Mo¬ 
nahan  has  done  exactly 
that.  Monahan,  director 
of  development  at  the 
Center  for  the  Advance-  Executives  -  well,  their  avatars  -  could  strategize  in  a 
ment  of  Distance  Educa-  virtual  situation  room  using  Second  Lo¬ 
tion  at  the  University  of  encing,  in  Second  Life,  you  can  create  a  private 

Chicago,  says  the  center  employees  meet  by  proxy,  island  in  Second  Life.  On 

recently  worked  with  a  using  avatars.  the  other  hand,  if  your 

large  corporation  (which  “The  power  of  a  3-D  other  IT  systems  are 
she  declined  to  name)  to  world  is  a  shared  sense  down,  a  virtual  company 

create  a  virtual  human  of  space  and  commu-  could  come  in  handy, 

resources  department  nity,”  Harvey  says.  But  “You  have  to  have  other 

and  a  situation  room  for  he  also  envisions  a  virtual  mechanisms  to  talk  to 

executives,  HR  department  as  a  place  each  other  and  see  each 

“We  created  a  space  employees  can  go  for  in-  other,”  Monahan  says, 

for  them  to  experiment  in  formation  or  support.  “An  The  center  is  working 
different  scenarios,”  says  avatar  can  sit  down  in  a  on  other  projects,  such 

assistant  director  Kevin  room  and  counsel  them.  as  a  Java  applet  for  cell 

Harvey.  Why  not  just  use  We  demonstrated  that  to  phones  that  provides 

videoconferencing?  “The  [the  business],”  he  says.  basic  flu  information  and 

walls  of  the  IT  system  Executives  could  also  go  leverages  location-based 

may  start  to  crumble  in  to  a  virtual  situation  room  services  and  text  mes- 

an  emergency,”  Harvey  to  meet,  get  up-to-date  saging  to  direct  employ- 

says.  By  creating  a  vir-  information  or  strategize.  ees  during  a  crisis, 

tual  company,  employees  But  how  did  the  corpo-  Harvey  says  he’s  also 
will  have  a  place  outside  rate  business  continuity  seeing  increased  interest 

of  the  corporate  firewall  planners  feel  about  using  in  simulations  for  pan- 

where  they  can  meet  a  gaming  Web  site  to  ex-  demic  planning.  “We’ll 

around  the  virtual  water  change  critical  business  be  building  a  pandemic 

cooler  or  receive  court-  information?  Security  is  flu  simulation  game  next 

sefing.  a  big  concern,  Monahan  year,”  he  says. 

Unlike  videoconfer-  acknowledges,  although  -  ROBERT  L.  MITCHELL 
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As  security  threats  evolve,  systems 
will  have  to  become  adaptive  and 
resilient.  BY  GARY  ANTHES 


NTEL  CORP.  is  de¬ 
veloping  a  way  for 
networked  computers 
to  “gossip”  among 
themselves,  sharing 
their  experiences  and 
“beliefs.”  The  idea  is 
to  stay  a  step  ahead  of  hackers. 

For  years,  the  backbone  of 
computer  security  has  been 
the  use  of  tools,  such  as  fire¬ 
walls  and  virus  scanners,  that 
base  their  actions  on  knowl¬ 
edge,  or  “signatures,”  of  past 
attacks.  But  this  has  two  prob¬ 
lems:  The  tools  generally  don’t 
recognize  new  threats,  and 
they  can’t  be  updated  rapidly 
enough  to  deal  with 
fast-spreading  exploits. 

The  answer,  IT  re¬ 
searchers  say,  lies  in 
new  tools  for  “adap¬ 
tive  and  resilient  computing 
security,”  the  name  of  a  recent 
workshop  sponsored  by  the 
Santa  Fe  Institute  and  BT 
Group  PLC. 

“Signature-based  technol¬ 
ogy  is  limited,”  says  Robert 
Ghanea-Hercock,  a  research 
engineer  at  BT  in  London  and 
the  leader  of  the  workshop. 
“For  cutting-edge  day-to-day 
protection,  you’ll  have  to  have 
adaptive  things  that  monitor 
what’s  happening  on  the  net¬ 
work  in  real  time.” 

That’s  just  what  Intel  is 


developing.  “Anomaly  de¬ 
tectors”  at  local  nodes  on  a 
network  look  for  evidence 
of  worms,  such  as  unusual 
spikes  in  activity.  A  machine 
that  normally  makes  just  a 
few  network  connections  per 
second  might  suspect  that 
something  is  amiss  if  it  is  sud¬ 
denly  instructed  to  make  con¬ 
nections  at  a  higher  rate.  So, 
using  a  peer-to-peer  “gossip” 
protocol,  it  transmits  to  other 
machines  its  so-called  belief, 
in  the  form  of  a  probability, 
that  the  network  may  be  under 
attack.  If  the  total  number  of 
beliefs  that  any  given  machine 
receives  from  other 
nodes  is  high  enough, 
it  will  assume  that  an 
attack  is  under  way  and 
take  some  defensive 
action,  such  as  sounding  an 
alarm  or  disconnecting  from 
the  network. 

Intrusion-detection  systems 
that  look  for  anomalous  be¬ 
havior  are  not  new.  And  it’s 
not  hard  to  detect  an  intrusion 
by  a  fast-spreading  worm  such 
as  the  infamous  SQL  Slam¬ 
mer,  which  infected  more  than 
10,000  machines  per  second 
(response  is  a  different  mat¬ 
ter).  But  more  recently,  hack¬ 
ers  have  deliberately  slowed 
the  spread  of  their  malware  so 
it  will  pass  under  the  radar  of 


FUTURE 

WATCH 


conventional  detectors. 

The  era  of  massive,  highly 
visible  worm  attacks  has  large¬ 
ly  passed,  says  Richard  Ford,  a 
computer  science  professor  at 
the  Florida  Institute  of  Tech¬ 
nology  in  Melbourne. 

“Now  what  we  are  seeing 
is  that  hackers  keep  exploits 
close  to  their  chests  and  use 
them  for  high-value  targets,” 
he  says.  “That  dramatically 
changes  the  threat  profile.” 

The  Intel  prototype,  called 
Distributed  Detection  and 
Inference  (DDI),  uses  Bayes¬ 
ian  probability  to  detect  these 
more  stealthy  worms.  The  idea 
is  that  if  just  one  node  is  see¬ 
ing  a  big  increase  in  connec¬ 
tions,  that  could  be  a  tempo¬ 
rary,  random  fluctuation,  but 
50  nodes  experiencing  even  a 
modest  increase  in  traffic  very 
likely  means  that  the  network 
is  under  attack  and  that  a  pro¬ 
tective  response  is  warranted. 

DDI’s  probabilistic  thresh¬ 
olds  can  be  adjusted  to  pro¬ 
duce  very  few  false  positives, 
which  would  annoy  users  by 
shutting  down  the  network 
unnecessarily,  Intel  researcher 
John  Mark  Agosta  told  work¬ 
shop  attendees. 

“It’s  based  on  the  law  of 
large  numbers,”  he  says.  “If  I 
can  average  over  a  large  num¬ 
ber  of  signals,  I  can  pull  out  a 
weak  signal  from  the  noise.” 

Technodiversity 

False  positives,  which  can 
inconvenience  users  and 
sometimes  lead  them  to  ignore 
warnings,  and  false  negatives 
are  the  chief  weakness  of 


Security 

Challenges 

■  Increased  complexity 

■  Increased  connectivity 

■  Increased  sophistication 
of  hackers  and  tools,  as 
hackers  adopt  targeted, 
stealthy,  hard-to-detect 
methods 

*  Changing  motives  - 
hacking  for  money,  not  fun 
»  Security  that’s  often  lim¬ 
ited  to  perimeter  defense 

■  Too  much  reliance  on 
user  actions  (passwords, 
patches,  etc.) 

■  Security  tools  that  are 
mostly  reactive  (against 
known  viruses,  etc.) 

■  Security  tools  that  focus 
on  individual  nodes,  not  the 
network 


f 


adaptive  detection  mecha¬ 
nisms  and  the  reason  they  are 
often  difficult  to  implement, 
Ghanea-Hercock  says. 

Nevertheless,  adaptive 
security  measures  are  begin¬ 
ning  to  creep  into  the  com¬ 
mercial  world,  he  says.  For 
example,  Microsoft  Corp.’s 
Windows  Vista  has  a  feature 
called  Address  Space  Layout 
Randomization  that  makes  it 
harder  for  malware  to  find  the 
code  it  wants  to  attack.  ASLR 
puts  certain  critical  code  into 
different  memory  locations 
each  time  the  machine  boots 
up  so  that,  in  essence,  every 


Deriving  Evidence 
From  Gossip  IgSM 

along  with  “gossip”  from  other  nodes,  to  determine 
when  a  network  is  under  attack. 


computer  looks  different  to  an 
attacker. 

ASLR  is  an  example  of  a 
principle  computer  scientists 
have  borrowed  from  biology: 
Systems  —  of  organisms  or 
computers  —  are  more  robust 
when  diverse.  A  population  is 
most  vulnerable  to  catastroph¬ 
ic  failure  when  it  is  genetically 
homogeneous. 

A  network  could  be  made 
more  secure  by  making  it 
more  diverse  —  mixing  Macs 
with  PCs,  or  rolling  out  dif¬ 
ferent  versions  of  software,  for 
example  —  but  the  trend  is  in 
the  opposite  direction,  toward 
standardization.  And  with 
sameness  comes  exposure  to 
risk,  say  the  proponents  of 
adaptive  security  methods. 

While  the  research  projects 
presented  at  the  workshop 
dealt  mostly  with  ways  to 
make  systems  adaptive  and  re¬ 
silient,  Ford  presented  an  idea 
for  making  users  more  adap¬ 
tive.  The  idea  is  based  on  the 
observation  that  occasional 
small  forest  fires,  which  may 
scorch  trees  but  not  kill  them, 
are  beneficial  because  they 
remove  combustible  material 
before  so  much  accumulates 
that  the  forest  is  vulnerable  to 
a  devastating  inferno. 

Ford  has  proposed  that  low- 
level  virus  or  worm  infections 
could  be  used  to  strengthen 
systems  against  catastrophic 
failures.  In  many  biological 
systems,  regular,  moderate  dis¬ 
ruptions  lead  to  rich  diversity 
and,  hence,  resilience,  he  ob¬ 
serves.  Computer  systems,  in 
contrast,  tend  to  be  very  brittle. 

So  Ford  has  suggested  vir¬ 
tual  “controlled  burns,”  delib¬ 
erate  releases  of  nonvirulent 
worms  onto  the  Internet.  They 
would  force  administrators  to 
strengthen  and  update  their 
protective  measures  while 
doing  far  less  damage  than  a 
malicious  worm. 

“The  technical  issues  are 
dwarfed  by  the  ethical  and 
legal  issues,”  Ford  says  of  his 
proposal.  “Nobody  is  publicly 
touching  it  with  a  10-foot  pole. 

“I’m  not  suggesting  we  go 
out  tomorrow  and  do  it,”  he 
adds.  “But  we  need  to  look  at 
novel  solutions,  because  what 
we  are  currently  doing,  long¬ 
term,  isn’t  going  to  work.”  » 
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Incipient  Unveils 
SAN  Virtualization 

■  Incipient  Inc.  announced  that 
its  flagship  product,  the  Incipient 
Network  Storage  Platform  soft¬ 
ware  suite  for  storage  virtualiza¬ 
tion,  began  shipping  commer¬ 
cially  last  month.  The  software 
runs  on  Cisco  Systems  Inc.’s 
MDS  9000  series  of  Fibre  Chan¬ 
nel  switches  with  the  32-port 
Storage  Services  Module  (SSM). 
The  Waltham,  Mass.-based 
vendor  says  the  suite  lets  users 
migrate  data  within  a  SAN  using 
switch-based  storage  virtualiza¬ 
tion  software  without  disruption 
to  applications.  Pricing  starts  at 
$137,500  for  each  Cisco  SSM 
blade  in  use  or  $275,000  for  the 
recommended  two-node  con¬ 
figuration.  Data  snapshots  cost 
an  additional  $45,000  for  each 
Cisco  SSM  blade,  or  $90,000 
for  two  nodes. 


Heroix  Enhances 
Central  Monitor 

■  Heroix  Corp.  in  Newton,  Mass., 
last  month  unveiled  the  latest 
version  of  its  IT  infrastructure 
monitoring  and  reporting  prod¬ 
uct,  longitudeV4.  It  includes  a 
centralized  event  monitor  for  di¬ 
agnosis  of  system  problems  and 
a  dashboard  that  displays  met¬ 
rics  about  applications,  servers, 
databases,  Web  servers,  e-mail 
and  network  devices,  according 
to  the  vendor.  Pricing  starts  at 
$299  per  monitored  system. 


RTime  Upgrade 
Adds  Dashboard 

■  QAVantage  Inc.  in  Parsippany, 
N.J.,  recently  released  an  update 
to  its  application  development 
life-cycle  management  software. 
The  vendor  says  RTime  Version 
4.0’s  new  features  include  a 
Web-based  reporting  dashboard, 
better  control  over  budget 
management  and  over  time  and 
cost  estimates,  and  templates 
for  various  development  and 
IT  compliance  methodologies. 
RTime  costs  $500  per  user,  plus 
an  annual  maintenance  fee  of 
18%,  with  volume  discounts  for 
companies  that  buy  licenses  for 
more  than  20  users. 


Moving  Beyond  Hope 
As  a  Backup  Strategy 


MIKE  ELGAN 


YOU  can  find  volumes  of  information  about 

mobile  data  security  —  everyone  knows  that 
data  on  mobile  devices,  especially  laptops,  is  at 
risk.  But  almost  every  article  describes  how  to 
protect  your  company  financially  and  legally 
from  data  loss.  There’s  precious  little  guidance  on  how  you 
can  continue  working  on  the  road  once  that  data  is  gone. 


Say  you’re  on  a  busi¬ 
ness  trip  and  your  laptop 
is  stolen  or  the  hard  disk 
dies.  All  the  data  on  your 
laptop  is  backed  up  at  the 
office,  so  no  problem,  right? 

Wrong.  Your  company  is 
safe,  but  you’re  toast.  Your 
presentation  is  gone.  You 
can’t  do  e-mail.  Your  cal¬ 
endar  is  unavailable.  The 
files  you  updated  on  the 
plane  are  lost.  You  go  from 
road  warrior  to  roadkill  in 
a  single  stroke. 

Nobody  is  immune 
from  this  problem.  Re¬ 
cently,  I’ve  seen  three  executives  from 
the  technology  industry  sent  back  to 
the  information  Stone  Age  (before 
people  traveled  with  laptops)  because 
they  weren’t  prepared  for  losing  data 
on  the  road.  My  guess  is  that  most 
business  travelers  don’t  adequately 
protect  against  data  loss  while  travel¬ 
ing.  They’re  employing  a  “faith-based” 
strategy  and  simply  hoping  that  noth¬ 
ing  bad  happens. 

True  Horror  Stories 

There’s  so  much  that  can  go  wrong 
when  you’re  on  the  road,  yet  most 
people  and  their  companies  focus  on 
protecting  data  that  sits  on  corporate 
networks  and  company  PCs.  But  lap¬ 
tops  present  a  far  higher  risk.  Here 
are  two  stories  that  illustrate  what 
could  happen  to  you. 

I  delivered  a  presentation  last  year 
with  an  executive  who  was  his  compa¬ 
ny’s  lead  guy  in  a  big  merger.  On  the 


first  day  of  his  two-week 
business  trip,  his  laptop’s 
hard  drive  catastrophically 
failed,  locking  him  out  of 
all  his  data  —  his  e-mail, 
his  presentations,  his  Excel 
files.  He  spent  the  first  day 
of  his  trip  trying  to  bring 
the  hard  disk  back  to  life. 

He  spent  the  second  day 
calling  everyone  involved 
in  the  merger  to  let  them 
know  he  wasn’t  getting 
their  e-mail.  He  spent  the 
third  day  camping  out  at 
libraries,  airport  lounges, 
hotel  business  centers  and 
other  places  with  Internet  connections. 
He  ended  up  spending  the  holidays 
after  his  trip  catching  up  with  his  work 
and  trying  to  fix  the  damage  to  his  proj¬ 
ects  —  and  his  reputation. 

Here’s  the  second  story.  A  well- 
known  IT  analyst  recently  had  her 
carry-on  bags  lost  by  the  airline. 

No,  that’s  not  a  typo:  The  airline  actu¬ 
ally  lost  her  carry-on  bag.  When  the 
overhead  bins  filled  up,  the  flight  atten¬ 
dants  asked  passengers  to  leave  addi¬ 
tional  carry-on  bags  at  the  front  of  the 
plane  to  be  shipped  as  regular  luggage. 
The  luggage  was  promptly  lost. 

These  stories  highlight  just  two 
of  the  ways  laptops  are  at  risk.  But 
there  are  many  more  threats  out  there. 
Crooks  camp  out  at  Starbucks  and 
other  Wi-Fi  hot  spots  waiting  for 
some  poor  sucker  to  use  the  bathroom. 
They  can  nab  your  laptop  while  you’re 
stuck  in  the  airport  security  line  or 
from  the  overhead  bin  in  an  airplane 


while  you’re  sleeping. 

Damage  is  even  more  likely  than  theft. 
Laptop  electronics  are  miniaturized 
and  compressed  into  a  smaller  space 
than  desktop  PC  components.  Mobile 
hard  drives  tend  to  be  smaller  and  more 
prone  to  error  or  damage.  Laptops  are 
easy  to  drop,  spill  something  on  or  step 
on.  They  overheat  —  especially  if  you 
have  one  of  those  exploding  batteries 
everyone  is  talking  about. 

All  the  traditional  mobile  data  pro¬ 
tection  schemes  carry  risks  and  flaws. 
For  example,  backing  up,  or  “ghost¬ 
ing,”  your  laptop’s  drive  to  media 
such  as  an  external  hard  drive  won’t 
do  any  good  if  you  lose  your  whole 
laptop  bag.  Backing  up  your  data  to 
an  online  storage  site  might  work,  but 
it  assumes  that  you’ll  have  an  Internet 
connection  when  you  need  to  back  up 
or  restore  —  and  that  you’ll  have  time 
to  download  all  that  data. 

So,  what’s  the  answer? 

The  best  way  to  protect  your  data  is 
to  back  up  to  a  secure,  encrypted,  bio¬ 
metric  USB  flash  memory  drive.  You 
can  carry  password-protected  flash 
storage  drives  in  your  pocket  so  they 
won’t  get  stolen  or  lost  along  with  your 
laptop.  They  are  relatively  fast  and 
pretty  cheap,  and  work  with  just  about 
every  PC  out  there.  And  the  conspicu¬ 
ous  fingerprint  scanner  on  the  outside 
not  only  safeguards  your  data  if  the 
drive  is  stolen,  but  acts  as  a  deterrent  to 
theft  as  well.  Some  of  these  disks  even 
come  with  software  that  enables  you 
to  plug  them  into  any  computer  and 
access  your  data  and  the  applications 
used  to  create  that  data  —  or,  at  the 
very  worst,  compatible  applications. 

Don’t  rely  on  faith,  hope  and  prayer 
when  it  comes  to  your  data  on  the  road 
—  and  don’t  believe  data  loss  won’t  hap¬ 
pen  to  you.  Yes,  protect  your  company. 
But  protect  yourself  as  well.  Don’t  get 
caught  with  your  laptop  down. » 

WANT  OUR  OPINION? 
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services  approach  has  \ 
ness  for  Abacus  International, 
H  the  company’s  director. 


Sabre  Holdings 


HEADQUARTERS:  Southlake,  Texas 


BUSINESS:  Travel  products  and  services 


EMPLOYEES:  9.000  in  45  countries 


REVENUE:  $2.5  billion  (2005) 


NET  EARNINGS:  S196  million  (2005) 


O  GET  A  SENSE  OF  HOW 
Web  services  is  radiating 
throughout  the  travel  industry, 
check  out  Abacus  International 
Pte.  Two  years  ago,  the  Singapore 
based  travel  facilitator,  which 
runs  15,000  travel  agencies  in 
the  Asia-Pacific  region,  gener¬ 
ated  just  1%  of  its  total  bookings 
online.  But  thanks  to  Web 
services-backed  travel  data 
Abacus  is  receiving  from  Sabre 
Holdings  Corp.,  its  online  book¬ 
ings  jumped  to  11%  of  its  trans¬ 
action  volume  in  2005  and  now 
represent  20%  of  its  total  volume 
says  Director  Lim  Lai  Hock. 

From  a  customer  support  per¬ 
spective,  the  costs  of  handling 
Web  services-based  transactions 
are  “much  lower,  and  bookings 
are  more  efficient,”  says  Lim. 
That’s  because  Web  services 
provide  a  level  of  automation 
that  isn’t  possible  with  main¬ 
frame-based  services,  which  re¬ 
quire  more  human  involvement. 
For  instance,  travel  agents  can 
use  Sabre  Web  services  to  con- 
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During  the  past  few  years,  as  Sabre  Holdings 
has  built  out  its  Web  services  infrastructure, 
the  company's  IT  department  has  also  been 
moving  from  traditional  waterfall  development 
techniques  to  an  agile  development  and  proj¬ 
ect  management  methodology. 

Sabre's  approach  to  agile  development 
draws  from  other  iterative  programming  tech¬ 
niques  such  as  UML,  which  focus  on  managing 
risks  through  rapid  development,  says  Sara 
Garrison,  senior  vice  president  of  products 
and  systems  delivery  at  Sabre.  Time  frames  for 
iterations  vary  but  can  be  as  short  as  a  week 
or  two,  with  close  collaboration  between  users 
and  developers.  Benefits  of  the  agile  approach 
include  components  that  can  be  reused  for 
other  projects,  she  says. 

As  Sabre  began  developing  a  runtime 
infrastructure  in  2004,  project  iterations  would 
typically  start  with  an  inception  phase  -  an 
evaluation  of  what  Sabre's  products  could  do 
in  a  Web  services  environment  -  followed  by 


an  elaboration  phase,  says  Andrew  Teel,  senior 
principal  architect  at  Sabre. 

Next  would  come  development.  Most  of  that 
work  has  been  done  in  the  U.S.,  although  some 
of  the  tools  were  built  by  Sabre  employees  and 
contractors  in  Bangalore,  India,  and  Krakow, 
Poland. 

Although  the  transition  has  been  successful, 
Sabre  has  faced  a  few  challenges,  says  Gar¬ 
rison.  For  example,  typically,  the  full  range  of 
system  requirements  isn’t  fully  explored  during 
an  agile  system  development  life  cycle.  User- 
interface  design  techniques,  for  instance,  are 
typically  treated  separately,  and  deployment 
into  production  isn’t  usually  addressed,  she 
says.  So  one  of  the  challenges,  Garrison  says, 
was  to  ensure  that  the  agile  process  captured 
the  full  range  of  system  requirements  -  “both 
those  tied  to  business  functions  and  those  tied 
to  the  underlying  stability  and  durability  of  the 
system.” 

-THOMAS  HOFFMAN 


duct  calendar-based  airfare  searches. 

In  the  past,  those  types  of  requests 
would  have  been  sent  to  a  customer 
service  agent. 

Abacus,  which  is  35%  owned  by 
Sabre,  is  just  one  of  more  than  1,000 
customers  that  have  been  using  Sabre’s 
Web  services  since  2005.  Travel  agents, 
airlines  and  other  travel  services  com¬ 
panies  are  finding  that  Web  services 
provide  faster  and  easier  access  to 
Sabre’s  global  distribution  system,  the 
world’s  largest  electronic  travel  reser¬ 
vation  system. 

For  Sabre,  Web  services  provide  an 
opportunity  to  break  away  from  its 
decades-old  approach  of  delivering 
mainframe-based  services  to  travel 
industry  customers  and  to  dispense 
new  products  and  enhanced  services 
that  can  spur  growth  and  generate  ad¬ 
ditional  revenue. 

For  example,  an  airline  that  uses 
Sabre’s  online  reservation  system  can 
now  tap  into  other  Sabre  applications 
more  easily  to  compare  fares  or  make 
hotel  reservations  for  its  customers, 
says  Gordon  Locke,  vice  president  of 
marketing  at  Sabre  Airline  Solutions  in 
Dallas. 

Taking  Flight 

Sabre’s  Web  services  effort  be¬ 
gan  as  a  research  and  develop¬ 
ment  project  in  2003  to  help 
company  executives  determine 
how  the  use  of  a  service-ori¬ 
ented  architecture  (SOA)  could  help 
its  customers  reduce  the  complexity 
and  expense  of  accessing  its  online 
products  and  services,  says  Andrew 
Teel,  senior  principal  architect  at  Sabre 
Holdings.  Additional  investments  in 
2004  enabled  Sabre  to  introduce  new 
and  expanded  travel  services  sup¬ 
ported  by  the  platform  in  2005.  Today, 
Sabre  offers  more  than  50  products 
and  services  to  its  clients  through  Web 
services,  including  fuel  and  inventory 
management  tools  for  airlines. 

Prior  to  the  Web  services  implemen¬ 
tation,  Sabre’s  electronic  customers 
had  to  negotiate  a  layer  of  its  communi¬ 
cations  software  to  get  at  the  data  they 
were  seeking  and  then  code  the  data  to 
a  specific  format  to  obtain  structured 
information,  says  Teel.  That  multistep 
process  made  it  much  more  difficult 
for  customers  to  integrate  content  with 
their  own  applications,  he  says,  adding, 
“We  saw  Web  services  as  a  way  to  get 
out  of  that  model.” 

Teel,  who  has  overseen  the  multi- 
million-dollar  effort,  says  Web  services 
have  enabled  Sabre  to  create  business 
models  for  its  products  based  on  its 
clients’  abilities  to  obtain  information 


themselves.  This,  he  says,  “has  allowed 
us  to  attract  more  customers  while 
providing  our  existing  customers  more 
flexibility  in  integrating  our  content 
into  their  systems  and  business  activi¬ 
ties.” 

Despite  its  move  into  Web  services, 
Sabre  doesn’t  have  any  immediate 
plans  to  discard  its  IBM  and  Amdahl 
mainframes,  which  are  managed  and 
operated  by  Electronic  Data  Systems 
Corp.  “With  such  a  high  volume  of  data 
and  applications,  it’s  going  to  take  a 
while  to  transition  our  customers  off 
the  mainframe,”  says  Teel.  But  Web 
services  have  provided  the  company 
with  an  opportunity  to  distribute  more 
of  its  processing  onto  lower-cost  mid¬ 
range  and  Linux  systems  that  use  Java, 
Teel  explains.  Some  of  the  services  that 
Sabre  has  moved  onto  its  midrange 
platforms  include  its  airfare  and  hotel 
shopping  and  pricing  systems. 

The  result  has  been  dramatic. 

“We’ve  seen  tremendous  growth 
over  the  past  18  months,”  says  Allen 
Appleby,  director  of  customer  access 
and  content  solutions  for  the  marketing 
arm  of  Sabre’s  travel  industry  group. 
The  number  of  travel  agents  and  other 
Sabre  customers  using  Web  services- 
driven  online  reservations  engines,  call 
center  systems  and  other  applications 
has  skyrocketed  500%  since  early  2005, 
he  says.  He  expects  Sabre  to  add  300 
new  online  customers  over  the  next 
three  years  thanks  to  Web  services. 

Sabre  “is  probably  one  of  the  more 
aggressive,  forward-looking”  travel 


companies  in  terms  of  its  Web  services 
strategy,  says  Ronald  Schmelzer,  an 
analyst  at  ZapThink  LLC,  a  Waltham, 
Mass.-based  SOA  research  and  advi¬ 
sory  firm. 

But  Sabre  is  certainly  not  alone.  At 
least  two  of  its  travel  industry  com¬ 
petitors  —  Galileo  International  LLC 
and  Unisys  Corp.  —  began  providing 
Web  services  to  their  customers  before 
Sabre  did,  according  to  Forrester  Re¬ 
search  Inc.  analyst  Henry  Harteveldt. 

But  pioneering  Web  services  in 
the  travel  industry  may  not  neces¬ 
sarily  create  competitive  advantage, 
Harteveldt  says.  Sabre  has  embraced 
a  set  of  Web  services  standards  being 
developed  by  the  OpenTravel  Alliance 
(OTA).  And  because  there  are  such 
extensive  interrelationships  among 
airlines,  hotels  and  other  travel-related 
companies,  “being  a  fast  follower  might 
be  better  for  [Sabre]”  as  the  OTA  stan¬ 
dards  become  more  widely  adopted, 
Harteveldt  says. 

In  December,  Sabre  announced  its 
acquisition  by  Silver  Lake  Partners 
and  Texas  Pacific  Group.  Silver  Lake 
Managing  Director  Greg  Mondre  cited 
Sabre’s  use  of  technology  “as  a  com¬ 
petitive  advantage  and  value-add  for 
customers.” 

Self-propelled 

nlike  many  companies  in  other 
industries  that  have  created 
Web  services  platforms  with 
the  help  of  off-the-shelf  tools, 
Sabre  elected  to  develop  its 
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own  runtime  infrastructure  —  the 
middleware  needed  to  run  Web  ser¬ 
vices.  A  couple  of  factors  played  into 
this  decision,  explains  Teel. 

For  starters.  Sabre  has  a  massive  vol¬ 
ume  of  data  transactions  —  at  one  time, 
Sabre’s  mainframe-based  Real-Time 
System  was  the  largest  system  in  terms 
of  transaction  volume  outside  the  fed¬ 
eral  government.  (One  day  in  early  Oc¬ 
tober,  Sabre  Web  services  hit  a  new  in¬ 
ternal  record  by  processing  21  million 
transactions  in  a  single  day.)  So  it  made 
more  sense  for  Sabre  to  create  its  own 
runtime  layers  and  then  tailor  them  to 
meet  the  needs  of  its  businesses,  which 
include  Travelocity,  Sabre  Airline  Solu¬ 
tions  and  Sabre  Travel  Network  (in¬ 
cluding  its  global  distribution  system). 

The  state  of  the  art  in  Web  services 
also  played  a  role.  In  late  2003  and 
early  2004,  when  Teel  and  his  team 
evaluated  the  commercial  tools  then 
available  to  help  develop  a  Web  ser¬ 
vices  infrastructure,  “we  determined 
that  the  market  was  fairly  immature,” 
says  Teel.  At  the  time,  he  says,  Sabre 
had  difficulty  finding  commercial  sys¬ 
tems  that  could  meet  its  gargantuan 
performance  and  transaction-volume 
requirements. 

But  building  your  own  Web  ser¬ 
vices  infrastructure  is  not  necessarily 
onerous,  says  ZapThink’s  Schmelzer. 
Companies  that  have  gotten  immersed 
in  Web  services  often  discover  that 
they’re  able  to  draw  heavily  upon  their 
existing  IT  infrastructures,  he  explains. 
“You  don’t  need  a  whole  lot  of  new  mid¬ 
dleware  to  make  SOA  work,”  he  says. 

Fortunately  for  Teel,  he  didn’t  have 
to  do  any  external  recruiting  to  build 
Sabre’s  Web  services  platform.  “We 
had  a  set  of  team  members  who  had 
already  been  doing  quite  a  bit  of  XML 
and  SOAP  work,  and  we  leveraged  that 
team  to  come  together  and  build  the 
foundational  infrastructure,”  says  Teel. 

Sabre’s  Web  services  layer  is  a  full 
Java  implementation.  The  company 
uses  Apache  Tomcat  servers  running 
Linux.  There’s  also  a  layer  of  C++  code 
used  to  integrate  applications  with 
Sabre’s  mainframe  systems. 

Looking  ahead,  Sabre  plans  to  add 
other  capabilities  for  its  customers,  and 
it  will  emphasize  orchestrating  various 
functions  through  Web  services,  such 
as  the  ability  for  travel  agents  to  easily 
shop  for  airfares  and  hotel  rates  at  the 
same  time,  says  Chief  Technology  Of¬ 
ficer  Robert  Wiseman,  who  joined  the 
company  in  May  from  Cendant  Corp. 

“Our  business  is  about  delivering 
the  best  content  we  can  in  the  most 
efficient  way  possible,”  says  Wiseman. 
“Web  services  can  do  that  for  us.”  » 
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ommon  misconceptions  about 
the  role  often  doom  novices. 


It's  an  old  story:  Bril¬ 
liant  individual  contrib¬ 
utor  gets  promoted  to  IT 
manager,  then  crashes 
and  burns.  But  why?  For  15  years.  Har¬ 
vard  Business  School  professor  Linda  A. 
Hill  has  studied  workers  struggling  with 
the  transition  to  management.  Difficult 
as  that  shift  has  always  been,  she  says, 
it  has  become  even  harder  as  companies 
have  gotten  leaner,  less  siloed  and  more 
integrated  with  customers  and  suppli¬ 
ers.  In  this  month's  Harvard  Business 
Review,  Hill  writes  that  although  most 
new  managers  see  themselves  as  lead¬ 
ers,  use  the  rhetoric  of  leadership  and 
feel  its  burdens,  they  just  don’t  get  it.  She 
explained  why  to  Kathleen  Melymuka. 

Here  I  am  in  my  first  day  as  an  IT  manager 
after  a  stellar  career  as  an  individual  per¬ 
former.  What’s  going  to  shock  me?  One 

thing  is  that  there  is  a  lot  more  to  be 
learned  than  you  had  anticipated.  The 
gap  between  what  you  know  and  what 
you  need  to  know  is  greater  than  you 
thought,  and  you  will  need  to  learn 
while  doing.  Another  thing:  IT  people 
who  are  technical  often  assume  that 
their  technical  knowledge  is  going  to 
be  enough  —  “I  am  the  most  expert  of 
the  tech  experts  and  will  use  my  tech¬ 
nical  judgment  to  deal  with  difficult 
problems.”  Yes,  but  there  will  also  be 
human  problems  where  your  technical 
talents  are  not  the  ones  needed. 

The  other  shock  is  how  negative  this 
all  feels.  The  problems  are  those  others 
couldn’t  solve.  Only  the  things  that  are 
broken  come  to  you. 


You  write  that  this  transition  is  even  harder 
now  than  it  used  to  be.  Why?  Being  a 
manager  has  become  harder.  Orga¬ 
nizations  are  much  more  dynamic. 

The  competitive  environment  is  more 
dynamic.  Organizations  are  having 
to  adapt  faster  than  in  the  past.  As  a 
manager,  you  have  to  figure  out  how 
that  relates  to  what  your  group  is  do¬ 
ing,  particularly  with  IT,  which  is  in  a 
support  role.  Support  positions  often 
are  lower  in  power  relative  to  line  posi¬ 
tions,  so  you  have  to  be  reactive;  you 
have  to  adapt  to  them. 

On  other  hand,  you  also  need  to  have 
your  own  point  of  view  about  what 
matters  and  be  proactive,  so  balanc¬ 
ing  that  in  a  dynamic  environment  is 
really  tricky.  Also,  in  many  organiza¬ 
tions,  you  see  more  integration  across 
functions  and  geographies.  As  organi¬ 


zations  try  to  do  things  in  a  more  inte¬ 
grated  way,  more  stakeholders  are  in¬ 
terested  in  what  you’re  doing,  and  they 
all  have  competing  interests.  You,  as 
the  IT  manager,  have  to  manage  those 
trade-offs  with  all  these  peer  organiza¬ 
tions  where  you  may  not  represent  the 
high-power  group.  That’s  really  hard. 

Let's  talk  about  some  of  the  misconceptions 
new  managers  bring  to  the  job.  What  do 
they  get  wrong  about  their  own  author¬ 
ity?  Often,  you  have  a  sense  that  with 
more  authority  [as  a  manager],  you 
could  implement  some  good  ideas  and 
improve  things. 

But  soon  you  discover  that 
formal  authority  is  a  limited  source 
of  power.  So  instead  of  being  free  to 
implement  your  ideas,  you  feel  quite 
constrained  and  don’t  have  as  much 
influence  as  you  anticipated.  Then 
you  realize  that  you  have  to  establish 
credibility  to  get  things  done.  And 
you’re  the  little  boss,  not  the  big  boss. 
You  were  at  the  top  of  the  hierarchy, 
but  now  you’re  actually  at  bottom  of 
a  bigger  hierarchy.  And  the  groups 
you  need  to  depend  on  are  those  over 
whom  you  have  no  formal  authority: 
peers  and  bosses. 

And  that's  not  to  say  you  have  control  over 
your  direct  reports  either,  right?  No,  you 

don’t.  And  the  more  talented  they  are, 
the  less  they’re  going  to  do  what  you 
told  them  to  do  just  because  you  told 
them  to.  You  may  have  moved  into  a 
management  role  because  you’re  good 
at  technology,  but  suddenly  people 
seem  to  be  questioning  your  tech  cred¬ 
ibility.  They  trusted  you  yesterday,  but 
not  today,  because  they  don’t  know  if 
you’re  trustworthy  in  your  new  role. 
New  managers  are  surprised  and  of¬ 
fended  to  find  that. 

You  need  to  build  that  credibility 
—  build  sources  of  power.  In  IT,  you 
need  your  people  to  use  their  judgment 
and  take  risks,  and  people  only  do  that 
when  they  buy  into  what  you’ve  asked. 
Rather  than  establish  control,  you 
need  to  get  their  commitment.  Build  a 
culture  where  people  feel  committed 
rather  than  under  the  hard  control  of 
authority. 

Talk  about  building  individual  relation¬ 
ships  versus  building  a  team.  One  of  most 
common  mistakes  I  see  is  new  manag¬ 
ers  think,  “There  are  20  people  in  my 
group,  so  I  need  to  establish  a  good 
relationship  with  each  of  the  20.”  So 
you  literally  try  to  have  contact  with 
each  individual.  That’s  difficult  and 
time-consuming  and  not  the  same  as 
harnessing  the  power  of  the  group  to 


get  things  done.  If  you  have  20  indi¬ 
vidual  conversations  about  priorities, 
that’s  not  the  same  as  if  the  group  had 
heard  the  arguments  and  had  a  dis¬ 
cussion  and  bought  into  the  decision 
together.  Also,  to  the  extent  that  tech 
people  are  less  comfortable  with  deal¬ 
ing  with  interpersonal  conflict,  some 
new  managers  will  deal  with  conflict 
one  on  one  but  not  during  a  team 
meeting.  That  means  you  don’t  have  a 
constructive  discussion,  and  people  go 
off  still  holding  whatever  their  position 
was.  Finally,  new  IT  managers  often 
define  a  problem  as  a  tech  problem 
when  there  is  also  an  interpersonal 
trust  matter.  Because  you  keep  looking 
at  tech  issues,  you  don’t  look  at  what’s 
going  wrong  in  relationships. 

You  write  that  new  managers  also  errone¬ 
ously  think  they  have  to  make  things  run 
smoothly.  Not  so?  First  off,  you  can’t. 

Part  of  the  mistake  is  you  think  you 
need  to  avoid  conflict.  But  organiza¬ 
tions  are  inherently  political:  There 
is  a  diversity  of  perspectives,  there  is 
interdependence,  and  there  is  competi¬ 
tion  for  scarce  resources,  and  in  today’s 
organizations,  there  is  more  of  each. 

So  by  definition,  organizations  are 
conflictual.  You  can’t  avoid  conflict; 
you  have  to  deal  with  it.  Your  job  as 
manager  is  to  manage  those  conflicts 
and  get  things  negotiated  properly.  You 
have  to  represent  your  group  as  well  as 
do  what’s  best  for  the  organization.  If 
everything  is  going  smoothly,  chances 
are  not  you’re  dealing  with  the  tough 
stuff. » 

A^rnty 

One  new  manager  told  researcher 
Linda  A.  Hill  that  the  source  of 
managerial  power  is  “everything  but” 
formal  authority.  So,  from  where  do 
successful  managers  derive  their 
power?  Hill  has  discovered  three 
qualities  that  contribute: 

CHARACTER.  The  intention  to  do  the 
right  thing  -  something  that’s  par¬ 
ticularly  important  to  subordinates. 

COMPETENCE.  Knowing  how  to  do 
the  right  thing  -  not  to  be  confused 
with  technical  prowess. 

INFLUENCE.  The  ability  to  deliver  and 
execute  the  right  thing,  derived  from 
a  web  of  strong,  interdependent  rela¬ 
tionships  based  on  trust. 
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Sirota’s  Top  Six  Workplace  Myths: 

1.  Praise  can  serve  as  a  substitute  for  money  in  motivating  employees. 

2.  Employees’  immediate  managers  are  the  cause  of  most  workers'  problems. 

3.  Employees  who  complain  about  their  pay  are  really  unhappy  about  something  else. 

4.  There  are  major  differences  between  generations  in  what  people  want  from  their  jobs. 

5.  There  are  major  differences  between  cultures  and  countries  in  what  people  want  from  their  jobs. 

6.  Profit-sharing  is  a  major  motivator  of  employee  performance. 

SOURCE:  SIROTA  SURVEY  INTELLIGENCE 


No.  of  HR 
managers  who 
believe  it 

74% 

73% 

67% 

67% 

63% 

60% 


LOT  OF  human  resource 
managers  believe  that  a  bo¬ 
nus  can  consist  of  one  or  two 
words:  “Thanks"  or  “Thank 
;you."  According  to  Sirota  Sur¬ 
vey  Intelligence  in  Purchase,  N.Y.,  74°/o 
of  the  150  HR  managers  it  surveyed 
last  month  said  they  believe  praise  can 
substitute  for  money.  That's  wrong, 
says  Sirota,  and  it’s  not  the  only  myth 
or  half-truth  that  HR  folks  cling  to. 

“Neither  praise  nor  money  alone 
are  sufficient  to  satisfy  employees," 
says  David  Sirota,  chairman  emeritus  of  the 
company  and  co-author  of  The  Enthusiastic 


THANKS’ 

DOESNT 


Employee:  How  Companies  Profit  by 
Giving  Workers  What  They  Want  He 
says  the  vast  majority  of  employees 
seek  three  basic  things  from  their  jobs: 
pride  in  their  work;  positive  and  pro¬ 
ductive  relationships  with  co-workers; 
and  fair  treatment  when  it  comes  to 
pay,  benefits  and  job  security. 

“A  ‘thank  you’  from  the  boss  does 
not  replace  money,  and  money  cannot 
substitute  for  praise,”  Sirota  says.  “All 
of  these  needs  are  critical.  There  are 
no  significant  differences  in  the  three 
basic  goals  that  people  want  from  their  work  by 
occupation,  industry,  age,  gender  or  culture." 


Most  of  the  computer  products  or  devices  that 
we  use  are  designed  by  men,  although  half  of 
the  users  are  women.  People  ask  why  we  need 
more  women  in  computer  science,  and  it  is  because  we 
need  more  women  who  can  build  and  design  technology 
products,  as  well  as  to  sell  and  manage  them. 

PROFESSOR  WENDY  HALL,  HEAD  OF  ELECTRONIC  AND  COMPUTER  SCIENCE  AT  ENG¬ 
LAND'S  SOUTHAMPTON  UNIVERSITY,  SPEAKING  TO  BRITAIN'S  PUBLICTECHNOLOGY.NET 
PUBLIC-SECTOR  NEWS  SITE.  AS  IN  THE  U.S..  THE  U.K.’S  IT  WORKFORCE  IS  DOMINATED  BY 
MEN.  IN  BRITAIN.  ONLY  ONE-FIFTH  OF  THE  IT  WORKFORCE  IS  FEMALE. 


Paul  Taylor 

TITLE:  Regional 
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vice  president 
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Q&A 

Veteran  IT  recruiter 
Paul  Taylor  keeps  his 

finger  on  the  pulse  of  IT  hiring  trends  in 
the  field.  He  spoke  with  contributing  editor 
Jamie  Eckle  about  the  IT  job  market. 

IT  leaders  have  long  talked  about  the 
need  for  both  hard  and  soft  skills. 
What’s  your  take  on  the  proper  mix? 

As  the  world  becomes  smaller,  so  does  the 
workplace.  Business  processes  and  areas  of 
expertise  are  increasingly  overlapping,  with 
technology  tying  it  all  together.  Service- 
oriented  applications  and  architectures 
depend  on  the  proper  definition  of  business 
processes  and  their  successful  modeling.  No 
longer  can  IT  stand  alone  in  determining  what 
comprises  a  system;  that  must  be  done  hand 
in  hand  with  the  business.  Consequently,  it  is 
increasingly  important  that  technology  pro¬ 
fessionals  possess  both  technical  expertise 
and  business  acumen.  Individuals  that  will 
succeed  in  this  ever-changing  market  will 
have  a  strong  technical  background,  business 
aptitude  and  interpersonal  skills. 

Are  you  having  any  difficulty  in  finding 
that  mix?  Are  there  particular  sources 
that  produce  more  ideal  IT  profes¬ 


sionals?  It  has  always  been  difficult  to  find 
the  “correct”  mix  in  any  given  market.  The 
challenge  that  recruiters  always  face  is  finding 
the  right  mix  to  meet  the  individual  client’s 
corporate  culture.  Organizations  that  typically 
produce  IT  professionals  that  have  the  aptitude 
to  adapt  to  a  variety  of  cultures  and  possess 
technical  expertise  with  business  savvy  are  still 
the  Big  Four  consulting  firms  and  Fortune  500 
organizations  that  have  very  mature  IT  leader¬ 
ship  development  programs.  However,  the 
best  sources  to  find  the  proper  blend  remain 
networking  and  personal  referrals. 

There  seems  to  be  a  disconnect  between 
the  image  many  in  IT  try  to  project  -  dy¬ 
namic  personalities  using  cutting-edge 
technology  -  and  the  image  the  public 
perceives.  Based  on  current  computer 
science  enrollments,  the  public’s  percep¬ 
tion  seems  to  be  largely  negative.  Why 
is  that?  Public  perception  can  be  broken  into 
two  parts.  First  is  the  image  of  IT  professionals 
within  companies.  IT’s  roots  are  in  the  back 
rooms,  where  there  was  little  interaction  with 
the  business  at  large.  While  that  has  changed 
for  the  most  part,  even  today,  only  organiza¬ 
tions  that  really  value  IT  will  place  the  team  and 
its  leadership  in  highly  visible  roles.  The  second 
part  of  IT’s  negative  perception  is  based  on 
the  fact  it  appears  to  be  a  bleak  career.  The 
decline  in  enrollment  is  a  direct  reflection  of  the 
offshoring  trend  as  well  as  the  massive  layoffs 
during  the  dot-com  bust. 

While  there  may  be  a  decline  in  computer 
science  majors,  the  number  of  business  stu¬ 
dents  has  not  declined,  and  these  students  will 
become  part  of  the  future  of  IT.  Well  versed  in 
technology,  these  business  majors  will  lead  in 
the  development  of  the  processes  to  propel 
business  forward. 


BY  2009,  THERE  WILL  BE  17  MILLION  developers 
worldwide,  according  to  projections  by  Evans  Data 
Corp.  in  Santa  Cruz,  Calif.  That’s  nearly  equal  to 
the  entire  population  of  metropolitan  New  York,  a 
sprawling  area  that  includes  New  York  City,  its  sub¬ 
urbs  in  New  York  and  southwestern  Connecticut, 
Long  Island,  northern  New  Jersey  and  even  bits  of 
Pennsylvania. 

The  countries  with  the  most  developers  in  2009 
will  be  the  U.S.,  India  and  China,  which  will  sup¬ 
plant  Japan  in  the  top  three,  according  to  Evans. 

All  told,  those  17  million  developers  will  represent 
an  increase  of  46%  from  2005. 


81%, 15% 


Increases  in 
the  number  of 
developers  in  the 
Asia-Pacific  region 
and  North  America, 
respectively,  from 
2005  to  2009. 
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EXEC  TRACK 


Schuckenbrock  to 
Lead  Dell  Services 

STEVE  SCHUCKENBROCK 

has  been  named  senior  vice 
president  of  global  services 
at  Dell  Inc.  He  will  report  to 
CEO  Kevin  Rollins  and  serve 
as  a  member  of  the  Dell  Global 
Executive  Management  Commit¬ 
tee.  Previously,  Schuckenbrock 
was  co-chief  operating  officer 
and  executive  vice  president 
of  global  sales  and  services  at 
Electronic  Data  Systems  Corp. 
Before  that,  he  was  COO  at  The 
Feld  Group  Inc.  and  global  CIO 
at  PepsiCo  Inc. 


Parexel  International 
Names  Rieder  CIO 

Parexel  International  Corp.,  a 
Waltham,  Mass.-based  global 
biotechnology  and  pharmaceuti¬ 
cal  company,  has  appointed 
CHRISTOPHER  RIEDER  to  the 
newly  created  post  of  CIO.  Previ¬ 
ously,  Rieder  was  vice  president 
of  IT  at  Kos  Pharmaceuticals  Inc. 
He  also  held  senior  IT  manage¬ 
ment  positions  at  BRI  Interna¬ 
tional  Inc.  and  North  American 
Vaccine  Inc. 


Cliburn  Is  Tapped 
To  Be  Ceridian’s  CTO 

Ceridian  Corp.,  a  Minneapolis- 
based  human  resources  out¬ 
sourcing  company,  has  named 
PERRY  CLIBURN  executive  vice 
president  and  chief  technology 
officer.  He  will  report  to  CEO 
Kathryn  V.  Marinello.  Previously, 
Cliburn  was  senior  vice  president 
and  CIO  at  Hewitt  Associates 
Inc.  Prior  to  that,  he  held  senior 
IT  leadership  positions  at  First 
Data  Corp.  and  Arthur  Andersen 
LLP. 


Market  Research  Firm 
Picks  Micali  for  CIO 

Taylor  Nelson  Sofres  PLC,  a 
London-based  market  research 
company,  has  appointed  ENZO 
MICALI  CIO  of  its  North  Ameri¬ 
can  custom  research  business  in 
New  York.  Previously,  Micali  was 
CIO  at  1-800-Flowers.com  Inc. 
and  chief  technology  officer  at 
InsLogic,  a  business-to-business 
software  provider. 


Managing  the 
Path  to  Wisdom 


PAUL  GLEN 


EACH  OF  US  wants  to  work  for,  be  and/or 

become  a  wise  manager.  One  of  the  most  im¬ 
portant  yet  frequently  neglected  responsibili¬ 
ties  of  leadership  is  developing  managerial 
capacities  —  our  own,  those  of  managers  who 
work  for  us  and  those  of  future  managers.  Vital,  grow¬ 
ing  and  sustainable  organizations  need  a  steady  supply 
of  managerial  talent. 


I’ve  spent  a  lot  of  time 
over  the  past  few  years 
observing,  probing  and 
thinking  about  how  lead¬ 
ers  can  and  do  address  this 
issue  given  the  practical 
constraints  of  business 
life.  What  I’ve  noticed  is 
that  mostly  people  don’t 
get  around  to  it  very  often, 
and  when  they  do,  they 
pay  attention  in  spasmodic 
bursts  of  goodwill  that  dis¬ 
sipate  quickly.  They  are 
so  busy  with  day-to-day 
exigencies  that  long-term 
obligations  remain  forever 
a  second  priority. 

Interestingly,  when  lead¬ 
ers  do  get  around  to  work¬ 
ing  on  this,  I’ve  noticed  that  most  seem 
to  assume  that  managerial  wisdom 
comes  from  one  end  or  the  other  of  the 
learning  spectrum. 

At  one  end  is  experience.  I’m  sure 
that  experience  is  a  great  teacher,  but 
I’m  not  so  sure  how  reliable  a  measure 
of  smarts  it  is.  So  much  depends  on 
whether  the  student  has  been  paying 
attention.  We  all  know  plenty  of  people 
who  have  lots  of  experience  but  little 
wisdom  to  show  for  it.  Just  because  re¬ 
ality  has  washed  over  your  decks  and 
you  have  survived  doesn’t  necessarily 
imply  that  you’ve  learned  much  about 
smooth  sailing. 

Leaders  and  organizations  operating 
under  this  assumption  predictably  try 
to  cultivate  new  managers  by  either  se¬ 


lecting  them  based  on  their 
experience  or  attempting 
to  develop  them  by  creat¬ 
ing  opportunities  for  new 
experiences.  They  design 
rotation  programs,  assign 
mentors  and  select  work 
assignments  carefully. 

At  the  other  end  of  the 
spectrum  is  the  academy. 
Here,  the  empty  vessel  of 
the  mind  is  filled  with  the 
facts,  theories,  models  and 
ideas  of  the  learned  pro¬ 
fessor  and  the  prestigious 
institution.  Formal  educa¬ 
tion  offers  an  opportunity 
to  absorb  information  and 
thus  generate  wisdom.  The 
proxies  for  measuring  this 
sort  of  learning  are  a  combination  of  ac¬ 
credited  degrees,  industry  certifications 
and  butt-in-seat  time.  Of  course,  these 
also  prove  to  be  limited  measures  of 
smarts.  We  all  know  people  with  lots  of 
letters  after  their  names  who  can’t  seem 
to  put  together  a  coherent  thought,  let 
alone  react  wisely  to  real-life  situations. 

Leaders  and  organizations  operat¬ 
ing  under  the  assumption  that  formal 
learning  begets  wisdom  also  respond 
predictably.  They  hire  and  promote 
keeping  one  eye  on  the  candidate  and 
the  other  on  his  transcripts.  They 
invest  in  training  programs,  pay  for 
degree  programs  and  send  people  to 
industry  conferences. 

Despite  the  good  intentions  and  hard 
work  of  everyone  involved,  the  success 


of  each  type  of  initiative  often  seems 
modest,  or  at  least  less  dramatic  than 
one  would  want.  It  seems  to  me  that  a 
few  key  problems  make  this  so. 

Experience  is  just  experience  unless 
its  lessons  are  processed  and  absorbed. 

Doing  this  requires  focused  reflection 
—  just  what  busy  managers  have  no 
time  for. 

Theory  often  doesn’t  connect  to  reality. 

No  matter  how  good  academic  ideas 
are,  if  they  remain  confined  to  the  dis¬ 
crete  universe  of  the  classroom,  they 
offer  no  practical  help. 

Learning  to  lead  requires  sustained  en¬ 
gagement.  But  what  we  typically  give  it 
is  short,  intense  engagement.  Insights 
not  revisited  and  reinforced  over  time 
are  easily  lost. 

I’d  like  to  suggest  an  alternative  to 
either  of  the  extremes. 

1.  Recognize  that  neither  side  of  the 
spectrum  has  a  corner  on  the  best  results. 

What  seems  to  work  best  is  a  combina¬ 
tion  of  experience  and  theory.  When 
they  meet  up,  people  learn  the  most. 

2.  Encourage  frequent  engagement  with 
the  topic.  A  little  time  every  week  prob¬ 
ably  is  better  than  a  lot  of  time  once  a 
year.  The  more  regularly  people  think 
about  their  experiences  and  manage¬ 
ment  theory,  the  more  likely  they 

will  actually  develop  their  minds  and 
change  their  behavior. 

3.  Encourage  conversations.  A  little 
time  talking  to  another  person  can  of¬ 
ten  spur  thoughts  that  might  take  each 
individual  hours  or  days  to  develop  on 
his  own. 

Developing  good  managers  need  not 
be  an  onerous  job,  but  it  requires  regu¬ 
lar  low-level  consideration.  You  may 
do  the  most  good  by  focusing  your  at¬ 
tention  on  creating  an  environment  in 
which  people  recognize  that  learning 
is  valued,  possible  and  expected  —  no 
heroics  required. » 


WANT  OUR  OPINION? 

OFor  more  columns  and  links  to  our  archives  go  to: 

www.computerworld.com/columns 


PAUL  0LEN  is  the  founder  of 
the  6eekLeaders.com  Web 
community  and  the  author 
of  the  award-winning  book 
Leading  Geeks:  How  to  Man¬ 
age  and  Lead  People  Who 
Deliver  Technology  (Jossey- 
Bass,  2003).  Contact  him  at 
info@paulglen.com. 


THE  PORT  AUTHORITY  OF  NEW  YORK  AND  NEW  JERSEY 

REQUEST  FOR  PROPOSALS  (RFP#  12016)  FOR  HOSTED  MICROSOFT 
EXCHANGE  E-MAIL  AND  ADMINISTRATION  SERVICES 

The  Port  Authority  is  seeking  proposals  from  qualified  firms  interested  in  providing  Hosted  Microsoft  Exchange 
E-mail  and  Administration  Sen/ices. 

The  successful  firm  will  provide  high  quality,  secure,  reliable  and  highly  available  (24x7)  hosted  Microsoft 
Exchange  E-mail  and  administration  services  with  the  vendor's  off-site  data  center  facilities  and  server 
infrastructure  (located  within  the  continental  United  States)  to  provide  Microsoft  (MS)  Exchange  mail  to 
the  Port  Authority  with  features  of  Exchange/Outlook,  including  calendaring  and  scheduling  with  conference 
rooms,  public  folders,  distribution  lists,  contacts,  Active  Directory  for  the  MS  Exchange  resource  domain/forest 
structure,  with  hosted  or  third  party  spam  protection  and  virus  protection  services.  Access  to  this  environment 
is  currently  via  dedicated  circuits  using  Outlook  MAPI  client  access.  Outlook  Web  Access,  and  wireless 
access  (BlackBerry  Enterprise  Server).  Outlook  desktop  administration  is  not  being  provided  through  this 
service.  However,  interface  with  the  Authority’s  Help  Desk  to  determine  and  resolve  2nd  and  higher-level 
sen/ice-related  problems,  including  MS  Exchange/Outlook,  is  required.  Contract  term:  3-year  base  period 
term  with  options. 

The  Port  Authority  will  conduct  a  pre-proposal  meeting  for  all  parties  interested  in  submitting  proposals  to 
this  RFP,  which  will  commence  on  January  12,  2007,  at  1 :00  P.M.  sharp.  All  interested  parties  shall  meet 
at  the  Procurement  Department,  Purchasing  Services  Division,  Port  Authority  of  New  York  &  New  Jersey, 
One  Madison  Ave.,  Seventh  floor,  New  York,  N.Y.  10010. 

Interested  parties  shall  contact  Nadine  Aziz  at  (212)  435-3934.  or  e-mail  naziz@Danvni.aov.  Monday  through 
Friday  between  the  hours  of  8:00  A.M.  and  4:00  P.M.  to  confirm  their  attendance  and/or  to  receive  traveling 
directions.  Two  forms  of  photo  ID  are  required  to  gain  access  to  the  building,  no  exceptions  permitted. 

Sealed  proposals  will  be  accepted  at  the  address  indicated  below  until  2:00  pm  February  1 5, 2007.  Documents 
can  be  requested  via  e-mail  at  askforbids@Danvnj.oov  or  you  can  fax  your  proposal  request  to  212-435- 
3959.  Reference  RFP#  12016  on  all  requests.  Send  bids  to:  The  Pori  Authority  Of  NY  &  NJ,  Purchasing 
Services  Division,  Procurement  Department,  One  Madison  Avenue,  7th  Floor,  New  York,  NY  10010 


LEAD  APPLICATIONS  CONFIG¬ 
URATOR  (SIEBEL™  e-CON- 
SUMER  GOODS)  A 
Massachusetts-based  company 
involved  in  the  worldwide 
research,  development,  manufac¬ 
ture,  marketing  and  sale  of  audio 
products  and  technologies,  seeks 
a  Lead  Applications  Configurator 
(Siebel™  e-Consumer  Goods). 
This  highly-technical  lead  posi¬ 
tion  involves  the  analysis,  design, 
configuration,  implementation, 
support,  and  documentation  of 
the  functional  software  modules 
relevant  to  a  load  balanced,  n- 
tiered  multi-server  Siebel  e- 
Consumer  Goods  application 
environment  running  on  an 
Oracle  8i  /  Unix  platform.  This 
position  supports  highly-dynamic 
field  sales  and  multi-site  call  cen¬ 
ter  operations,  and  project  teams, 
analyzing  needs  and  require¬ 
ments,  and  then  implementing 
Siebel-specific  configuration  solu¬ 
tions.  It  also  calls  for  ongoing  24- 
hour  /  7-day  phone-available  sup¬ 
port  coverage.  Minimum  educa¬ 
tion  required  is  a  Bachelor's 
degree  in  Computer  Science, 
MIS,  Mathematics,  or  similarly 
relevant  field.  Experience 
required  is  eight  (8)  years  of  rele¬ 
vant  pre-  or  post-degree  experi¬ 
ence  (or  a  relevant  Master's-level 
program  and  6  years  experience 
may  be  substituted  in  lieu  of  8 
years  experience)  involving  multi- 
platform  systems  analysis  and 
programming  of  business  sys¬ 
tems,  at  least  four  (4)  years  of 
which  specifically  involved 
Siebel™  configuration  and  script¬ 
ing  for  direct-to-consumer  busi¬ 
ness  production  support,  and 
included  multi-site  Siebel 
CTConnect's  Computer  Telephony 
Integration  (Cil).  Specifically 
required  is  the  demonstrated  abil¬ 
ity  to:  configure  and  deploy 
Siebel™  e-Consumer  Goods  v. 
7.5.2.2xx  release  in  a  Resonate™ 
load-balanced  multi-server  envi¬ 
ronment;  configure  and  support 
Siebel  Sync  and  Siebel  Anywhere 
for  a  mobile  client  user  communi¬ 
ty;  perform  Siebel™  6.x  - 
7.5.2.2xx  upgrades  on  a  hetero¬ 
geneous,  n-tiered  infrastructure 
utilizing  an  Oracle™  8i  database, 
configure  and  deploy  Siebel™ 
Sales  Handheld  for  Windows  on 
handheld  devices;  and  support 
multi-application  call  center  and 
field  sales  operations  using 
Autosys  to  create  batch  process¬ 
ing,  Precise  to  monitor  and  tune  a 
database,  and  Business  Objects 
to  customize  transactional  analyt¬ 
ics  reports.  Annual  base  salary 
is  $96,300,  for  5  day/40  hour 
week,  together  with  ten  (10)  days 
paid  vacation,  contributory  med¬ 
ical  and  life  insurances,  and  other 
industry-competitive  benefits. 
Job  Location:  Framingham,  MA. 
Qualified  applicants  should  send 
resume  referencing:  Job  Order 
Number  36461673  and  ETA  Case 
Number  P-051 74-83072BHo,  by 
fax  to:  (484)  270-1600  or  by  mail 
to:  Backlog  Elimination  Center, 
Employment  &  Training 
Administration,  Division  of 
Foreign  Labor  Certification,  1 
Belmont  Avenue,  Suite  220,  Bala 
Cynwyd,  PA  19004.  An 
EOE/MFHV. 


SOFTWARE  ENGINEER,  Multiple 
Openings.  Job  located  in  Newark, 
Delaware  and  various  unanticipat¬ 
ed  client  sites  throughout  the  United 
States.  Research,  design,  develop 
and  test  software/systems  applica¬ 
tions  in  a  client/server  environment; 
will  also  design,  implement  and 
maintain  various  programming  and 
operating  systems;  will  work  inde¬ 
pendently  testing  and  developing 
software/systems  applications  in 
accordance  with  project  specifica¬ 
tions;  will  oversee  systems  imple¬ 
mentation  and  prepare  project  status 
reports  and  formal  presentations  as 
required;  will  communicate  project 
specifications  effectively  with  project 
team.  Minimum  of  a  Master's 
Degree  or  equivalent  in  Computer 
Science,  CIS,  Engineering, 
Mathematics,  Electronics,  Business, 
Management,  Technology  or  a 
related  field  required.  In  lieu  of  a 
Master's  Degree,  employer  is  willing 
to  accept  the  equivalent  to  a  U.S. 
Bachelors  Degree  with  five  (5)  years 
of  prior  progressive  professional 
experience  in  the  position  offered  or  a 
related  position;  furthermore, 
employer  is  willing  to  accept  any 
suitable  combination  ot  work  expe¬ 
rience,  education  and  training  that  is 
equivalent  to  the  actual  minimum 
requirements  of  the  position  and 
shows  demonstrable  ability  in  the 
required  skill  sets.  Position  also 
requires  extended  travel  and/or  relo¬ 
cation.  No  prior  professional  experi¬ 
ence  necessary.  Attractive  com¬ 
pensation  package.  Mail  resumes 
to:  American  Solutions,  Inc.,  Job 
#SE03,  100  Commerce  Drive, 
Suite  103,  Newark,  DE  19713. 


Programmer  Analyst  for 
Greenbelt,  MD  Office:  Design, 
Develop,  Test,  Implement, 
Maintain  and  Coordinate  Install 
of  software  applications  using 
Visual  Basic,  ASP,  Access, 
HTML,  VB.Net,  C,  C#,  C++, 
ColdFusion,  Java,  SQL  Server, 
Oracle, PL/SQL;  Masters  or 
Equivalent**  req’d  in 
Computers, Engineering,  Math 
or  related  field  of  study  +  1  yr  of 
related  exp.  (“Equivalent: 
Bachelors  or  Equivalent  +  5 
years  of  progressive  related 
work  exp). Multiple  positions 
available.  May  be  relocated  to 
various  unanticipated  locations 
throughout  the  United  States. 
40  hrs/Wk.  Must  have  legal 
authority  to  work  permanently  in 
the  U.S.  Send  resume  to 
wpjobs@issi-software.com  or 
HR  Manager  International 
Software  Systems,  Inc. ,7337 
Hanover  Pkwy,  Suite 
A, Greenbelt,  MD  20770. 


SOFTWARE  ENGINEER, 
Multiple  Openings.  Job  located 
in  Newark,  Delaware  and  vari¬ 
ous  unanticipated  client  sites 
throughout  the  United  States. 
Research,  design,  develop  and 
test  software/systems  applica¬ 
tions  in  a  client/server  environ¬ 
ment;  will  also  design,  implement 
and  maintain  various  programming 
and  operating  systems;  will  work 
in  a  team  environment  testing  and 
developing  software/systems 
applications  in  accordance  with 
project  specifications;  will  also 
work  under  the  close  supervision 
of  the  project  manager.  Minimum 
of  a  Bachelor's  Degree  or 
equivalent  in  Computer  Science, 
CIS,  Engineering,  Mathematics, 
Electronics,  Business, 
Management,  Technology  or  a 
related  field  required;  position 
also  requires  extended  travel 
and/or  relocation.  One  (1)  year 
prior  professional  experience 
in  software  design  and 
development  necessary. 
Attractive  compensation  pack¬ 
age.  Mail  resumes  to:  American 
Solutions,  Inc.,  Job  #SE01,  100 
Commerce  Drive,  Suite  103, 
Newark,  DE  19713. 


Juniper  Networks  in 
Sunnyvale,  CA  is  currently 
recruiting  for:  IT  Technical 
Staff  #1120:  Provide  IT 
support  for  engineering 
applications  and  other 
internal  processes  Mail 
resumes  with  job  code  #  to 
Attn:  MS  A3. 1.1. 200 

Juniper  Networks  1194  N. 
Mathilda  Avenue 

Sunnyvale,  CA  94089 


Programmer  Analyst 
needed  w/2  yrs.  exp  to 
analyze,  develop,  debug 
&  implement  in  house 
custom  application  using 
Java,  JavaScript,  Visual 
Basic  Script,  MS  Access, 
C,  C  +  +  &  Oracle 
on  Windows  NT  and 
Unix.  Mail  resumes  to: 
Ramada  Inn  Eastside, 
161  Lexington  Ave.,  NY, 
NY  10016 


CHIEF  SOFTWARE  ARCHITECT 
(LOCALIZATION  SOFTWARE)  - 
A  small  enterprise  software  com¬ 
pany  in  the  suburban-Boston 
area,  engaged  in  the  develop¬ 
ment  and  implementation  of  soft¬ 
ware  for  translating  and  synchro¬ 
nizing  multi-lingual  content,  has 
an  immediate  need  for  a  highly 
skilled  Chief  Software  Architect 
(Localization  Software).  This 
senior-level  unsupervised  techni¬ 
cal  position  has  overall  responsi¬ 
bility  for  the  software  architecture, 
multi-site  development,  databas¬ 
es,  configuration  management, 
and  technical  marketing  support 
of  a  specialty,  server-based 
(J2EE)  enterprise  software  prod¬ 
uct  for  translating  and  synchro¬ 
nizing  multilingual  content  (a 
globalization  management  sys¬ 
tem).  The  position  duties  involve: 
independently  design  and  devel¬ 
op  successfully  implemented 
commercial  Java-based  enter¬ 
prise  server  software;  architect 
high-availability  clustered  enter¬ 
prise  J2EE  software  systems, 
and  supervise  the  activities  of  an 
overseas  software  development 
team;  install,  administer,  and  use 
Microsoft  SQL  Server  2000,  and 
Oracle  8  database  server;  use 
and  administer  Rational 
ClearCase  and  perform  release 
management;  and,  publicly  pre¬ 
sent  and  demonstrate  technically 
complex  software  products  in 
support  of  marketing,  sales,  and 
sales  engineering.  Minimum 
educational  requirements  include 
a  Bachelors  degree  in  Computer 
Science  and  at  least  eight  (8) 
years  post-degree  industry  expe¬ 
rience  involving  primarily  Java 
and  J2EE  software  development 
for  commercial  applications,  at 
least  2  years  of  which  specifically 
involved  development  of  server- 
based  translation  memory  soft¬ 
ware.  Annual  base  salary  is 
$125,000  per  year  for  a  5  day/40 
hour  week,  together  with  fifteen 
(15)  days  paid  vacation,  contribu¬ 
tory  medical  and  life  insurances, 
and  other  industry-competitive 
benefits.  Job  Location:  Waltham, 
MA.  Qualified  applicants  should 
send  resume  referencing:  Job 
Order  Number  36314146  and 
ETA  Case  Number  P-05171- 
71814  BWr-9,  by  fax  to:  (484) 
270-1600  or  by  mail  to:  Backlog 
Elimination  Center,  Employment 
&  Training  Administration, 
Division  of  Foreign  Labor 
Certification,  1  Belmont  Avenue, 
Suite  220,  Bala  Cynwyd,  PA 
19004.  An  EOE/MFHV. 


Application  Software 
Engineer:  FalconStor 

Software,  Inc.  in  Melville, 
NY.  MS.  Req’d.  e-mail: 
Careers@FalconStor.co 
m  or  mail  Attn:  HR  Dept. 
2  Huntington  Quadrangle, 
Suite  2S01,  Melville,  NY 
11747 


Software  Engineer  w/Masters  or 
foreign  equiv.  in  Comp.  Sci.  or 
Engg  or  Math  &  1  yr  exp.  *Will 
accept  bachelors  or  foreign  equiv 
&  5yrs  of  progressive  work  exp  in 
lieu  of  Master*  &  lyr  exp.  Analyze, 
dsgn  &  dev  legacy  applic  in 
mainframe  using  Cobol,  CICS, 
DB2,  SQL  as  d/bases  on  Win 
OS.  Perform  production  support 
using  Remedy  &  Peregrine  tools. 
Construct,  dsgn,  test,  integrate  & 
implmt  enhancement  &  mainte¬ 
nance  projects  using  PVCS,  Fileaid. 
FileManager  &  Endeavor.  Mail  res 
to:  STG,  Inc.,  910  Bergen  Ave,  Ste 
202,  Jersey  City,  NJ  07306.  Job 
loc:  Jersey  City,  NJ  or  in  any 
unanticipated  Iocs  in  USA. 


Computerworld  -  January  8,  2007 


Software  Engineer  w/Masters  or 
foreign  equiv.  in  Engg.  or  Comp. 
Scie.  or  Math  &  1  yr  exp.  *Will 
accept  Bach  or  foreign  equiv  &  5 
yrs  of  progressive  work  exp  in  lieu 
of  Masters  &  1*  yr  exp.  Analyze, 
design  &  dev  ASP  solutions 
(Application  Server  Provider) 
using  Windows  2000,  IIS  Server, 
Visual  Interdev,  Active  Server 
Pages,  MS  SQL  Server,  Oracle, 
VB,  HTML,  DHTML  &  XML. 
Recommend  systems  solutions, 
draft  written  specifications, 
charts,  object  models  &  design 
S/W  appli.  Dev  &  install  new  S/W 
projects  &  adhere  to  the  project 
plans.  Test  &  document  the  soft¬ 
ware  appli.  that  are  already 
developed  on  a  timely  basis.  Mail 
res  to:  Modulemd  LLC,  49  South 
Cass  Street,  Suite  IB,  Battle 
Creek,  Ml  49017,  Job  loc:  Battle 
Creek,  Ml 


Software  Engineer  needed 
w/Masters  or  Foreign  Equivalent 
in  Engg.  or  Comp.  Sci.  or  Math  & 
1  yr.  exp  to  research,  analyze, 
design  &  develop  server  side 
programs  using  MS  SQL  Server. 
Create  &  administer  databases 
in  T-SQL  using  stored  procedures, 
DTS,  functions  &  triggers.  Install 
MS  Analysis  Server  on  64  bit 
faiiover  cluster.  Design,  build  & 
process  cubes  in  ROLAP  using 
MS  Analysis  Servers,  Clusters, 
Foglight,  Visual  SAN,  Navisphere 
Manager  &  EMC  Snapview  on 
Windows  &  SAN  env.  1  yr.  exp  as 
Project  Associate  is  acceptable. 
Exp.  prior  to  completion  of 
Masters  deg.  is  acceptable.  Mail 
resumes  to:  Bijjam  Information 
Tech.  Inc.,  3525  W.  Peterson 
Ave.,  Ste  #310,  Chicago,  IL 
60659. 
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SOFTWARE  ENGINEER:  Resp 
for  dvlpmt,  dsgn  &  maintenance 
of  co.'s  d/base  mgmt  tool  dba/m, 
Data  Mining  Integrator  &  Data 
Mart  Builder.  Specific  resp  incl: 
support  Tandem  Nonstop  SQL/MP 
&  SQL/MX  dvlpmt  team;  provide 
web-based  solutions  to  customer 
for  d/base-related  products.  Min. 
educ.  req.  M.S.  or  foreign  degree 
equiv  in  Applied  Statistics,  Comp 
Sci  or  related  engg  +  3yrs  exp 
in  job  offd  or  3yrs  as  S/ware 
Consultant.  Background  in 
Tandem  Nonstop  Kernal 
Operating  Systm,  Nonstop 
SQL/MP  d/base,  SUN  Java-2; 
HTML,  XML;  Shell  Scripts 
on  Unix/Linux.  Send  resume 
to  Genus  Software,  Inc.  Attn: 
Mr.  Om  Gupta,  10080 
N.  Wolfe  Rd,  #SW3-301 , 
Cupertino,  CA  95014 

Application  Developer 
wanted  by  LED  display 
company  in  City  of 
Industry,  CA.  B.S.  in 
CIS  Req’d.  Resume  to: 
J  Hwee,  H.R.  Optec 
Displays,  530  S  6th 
Ave.  Industry,  CA 
91746. 


Inventory  Control  Analyst  / 
RFID  Specialist  wanted 
by  Cell  Phone  &  PDA 
accessories  distributor 
in  Brea,  CA.  Master  in 
MIS,  Industrial  Technology 
Studies  or  Related. 
Resume  to  Robin  Ho, 
H.R.,  Huan  Guang 
Technologies,  460  W. 
Lambert  Rd  #  H.  Brea, 
CA  92821. 


Prog  Analyst  for  Nebraska 
based  IT  firm;  Design  create 
and  develop  software  solutions 
for  diverse  programming  sce¬ 
narios  in  SP,NET,C+,OOP.  Use 
SQL  Server,  Store  procedure, 
Commerce  Server  2000  ADO 
and  NET.  Provide  technical 
guidance  on  client  projects. 
Reply  with  2  resumes  to  HR 
Global  Brilliance,  LLC,  605  S 
14th  Street,  Suite  #  402, 
Lincoln,  Nebraska  68508 


PC  Products  and  Services,  Inc., 
located  in  Roselle,  IL,  seeks  a 
Programmer  Analyst.  The  posi¬ 
tion  requires  a  Bachelors  degree 
in  Computer  Science  or  its 
equivalent  and  one  year  of 
experience  as  a  Programmer 
Analyst.  Mail  your  resumes  to 
Patrick  Boghra,  CEO  at  25  W. 
217  Lake  St.,  Roselle,  IL  60172 
or  fax  your  resumes  to  630-539- 
8990,  Attn.:  Patrick  Boghra 


SAP  Consultant  w/2  yrs  exp 
to  analyze,  design,  configure, 
implement  SAP  R/3  -  FICO 
module  using  ASAP  methodology 
&  test  the  customized  objects. 
Use  GL,  AP,  AR,  AM,  CCA,  PCA, 
PA,  10  &  PC  sub-modules 
Build  EDI  functionality  by 
configuring  IDOC  structures, 
ANSI  XII  to  SAP  mapping, 
interacts  with  financial  institutions 
&  VAN.  Participate  in  Change 
Management  by  using  Lotus 
Notes,  Protrack  &  Trackwise 
applications.  Create  user 
training  documents.  Provide 
SAP-FICO  production  support 
using  ARS  (Action  Request 
System).  Mail  res  to:  Compu- 
Solve,  Inc.,  306  Fifth  Avenue, 
3rd  Floor,  New  York,  NY  10001 
Job  Loc:  NYC  or  in  any 
unanticipated  locations  in  USA 


Programmer  Analyst  w/Bach 
or  foreign  equiv.  in  Engg.  or 
Comp.  Scie.  or  Math  &  2yrs 
exp  to  analyze,  dsgn  &  dev 
s/ware  systms  using  C++, 
Java,  C,  Perl,  Javascript  & 
HTML  using  Sybase  & 
MS  SQL  server  d/bases. 
Websphere  applic  server 
Analyze  reqmts  &  determine 
feasibility  of  dsgn.  Mail  res  to: 
Open  Systems  Technologies, 
Inc.,  225  W.  34th  St,  Ste  1715, 
NY,  NY  10122  Attn:  HR.  Job 
Loc:  NYC  or  in  any  unantici¬ 
pated  Iocs  in  USA 


Sr  Bioinformatics  Analyst 
w/Masters  in  Computational 
Molecular  Biology  &  1  yr  exp  to 
perform  computational  &  statisti¬ 
cal  data  analysis,  implmt  bioinfor¬ 
matics  algorithms.  Interpret  bio¬ 
logical  data  from  various  plat¬ 
forms  of  medical  research  &  drug 
dsgn  such  as  DNA  sequencers, 
microarrays  (gene  expression, 
SNP  genotyping,  array  CGH. 
Splicing  arrays)  &  mass  spec¬ 
troscopy  equipment  (SELDI-TOF. 
MALDI,  MS-MS).  Analyze  data 
generated  from  various  research 
areas  from  drug  discovery  such 
as  genomics  &  proteomics.  Using 
Matlab,  Perl.  MY  SQL.  dChip  & 
ArrayAssit.  Mail  res  to  Tanisha 
Systems  Inc.  22  River  St,  Ste 
#AA1.  Braintree,  MA  02184,  Job 
Loc:  Braintree,  MA  or  in  any 
unanticipated  locations  in  USA 


Software  Engineer  w/2yrs  exp. 
to  research,  analyze,  develop, 
program,  test  &  implement 
s/ware  applications  for  fin’l 
industries  using  ASP.  VB, 
XML/XLST,  VBScript,  Java 
Script,  Crystal  Reports,  JSP, 
Servlets  &  design  methodolo¬ 
gies  using  UML/ERWin, 
WebLogic,  IIS,  database  design 
&  SQL  Server.  Write  application 
s/ware,  data  analysis,  data 
access,  data  manipulation  & 
database.  Provide  technical 
support.  Mail  resume  to: 
Suswee  Infotech  Corp.  d/b/a 
Compu-lnfo,  22  Meridian  Road, 
Ste  #17,  Edison,  NJ  08820 


Programmer  Analyst  needed 
w/Bachelors  or  Foreign  Equiv.  in 
CS  or  Math,  or  Engr.  &  1  yr.  exp 
to  analyze,  design,  develop, 
implement  &  debug  dataware¬ 
housing,  ETL  &  reporting  tools 
using  Informatica,  Datastage, 
Abinitio,  Cognos,  Business 
Objects,  Oracle,  SQL  Server, 
DB2  on  Windows  NT  &  Unix 
environment.  Perform  schedul¬ 
ing  &  migration  process  using 
Appworx,  Kintana  &  VSS.  Mail 
resume  to:  Suswee  Infotech 
d/b/a  Compu-lnfo,  22  Meridian 
Rd,  Ste  #17,  Edison,  NJ  08820. 


Keane,  Inc.  seeks  IT  profession¬ 
als.  Currently  based  at  various 
locations.  Must  be  willing  to  be 
assigned  to  client  sites  through¬ 
out  the  U.S.  (multiple  openings) 
include:  (Code  R-1706) 

Programmer/Analyst  based  in 
Richmond,  VA:  BS  or  equiv.  +  2 
yrs.  exp.  dev.  financial  apps.  w / 
UNISYS  &  Dargal;  (Code  R- 
1697)  Programmer/  Analyst 
based  in  Richmond,  VA:  BS  or 
equiv.  +  2  yrs.  exp.  CRM  dev.  w/ 
COBOL,  Unisys  A-series  &  BL 
products;  (Code  R-1625) 
Software  Engineer  based  in 
Jersey  City,  NJ:  MS  +  3  or  BS  + 

5  yrs.  exp.  in  software  dev.  w /  at 
least  2  yrs.  w/  VC++,  OLE 
TCP/IP;  (Code  R-1678) 
Systems  Administrator  based  in 
Medford.  MA:  BS  or  equiv.  +  2 
yrs.  exp.  in  UNIX  sys  admin  . 
(Code  R-1702)  Software 
Engineer  based  in  New  York 
City/Jersey  City,  NJ:  MS  +  3  yrs. 
exp.  in  dev.  of  database  &  web 
apps.  w /  Essbase,  Alphabox  & 
Java;  (Code  R-1651) 
Programmer/  Analyst  based  in 
Cypress,  CA:  BS  or  equiv.  +  2 
yrs.  exp.  software  dev.  w/  VAX- 
COBOL.  VAX-RDB,  ACMS. 
RDO,  DTR;  (Code  R-1688) 
Programmer/  Analyst  based  in 
Frankfort,  KY:  BS  or  equiv.  +  2 
yrs.  exp.  software  dev.  w /  J2EE, 
Websphere  &  DB/400;  (Code  R- 
1661)  Programmer/Analyst 
based  in  Frankfort.  KY:  BS  or 
equiv.  +  2  yrs.  exp.  dev.  w / 
Oracle  9iAS  Designer,  Portal  R2 

6  Oracle  JPDR;  (Code  R-1622) 
Software  Engineer  based 
nationwide  BS  or  equiv.  +  2  yrs 
software  dev.  w/  Ariba  Buyer; 
(Code  R-1680)  Sr. 
Programmer/Analyst  based  in 
Raleigh/Durham,  NC  BS  or 
equiv.  +  2  yrs.  software  dev 
(must  incl.  6  mos  software  inte¬ 
gration  w /  MQSL,  12  &  WML) 
Send  resumes  w /  Job  Code  to 
Keane,  Inc.  McDermott-JOBS 
100  City  Square,  Boston,  MA 
02129 


HR  Cache  LLC.  a  software  con¬ 
sulting  firm,  headquartered  in 
Gainesville,  VA  is  currently  seek¬ 
ing  IT  professionals  to  fill 
Consultant  positions  located 
nationwide.  Specific  skill  sets 
needed  include: 

•  Web  development  (Job  #010) 

•  Business  Intelligence 
Consultants  (Job  #020) 

•  Database  services  (Job  #030) 

•  CRM  Consultants  (Job  #040) 

•  Testing  &  QA  Analysts  (Job 
#060) 

•  Network  Services  (Job  #070) 

•  ERP  Consultants  (Job  #080) 

•  J2EE  Developers  (Job  #090) 

•  Net  Developers  (Job  #100) 

•  Business  Analysts  (Job  #110) 

•  Project  Managers  (Job  #120) 

Entry  thru  Senior  level  positions 
available.  Competitive  salaries. 
Must  be  willing  to  travel/relo¬ 
cate.  MUST  REFER  TO  SPE¬ 
CIFIC  SKILL  SET  &  NUMBER 
ABOVE  FOR  CONSIDERA¬ 
TION.  Send  resume  to: 
careers@hrcache.com. 
Applicants  must  have  authority 
to  work  permanently  in  the  U.S. 


Software  Engineer  (hvg 
Mast  Deg  or  Bach  Deg 
w/5yrs  exp)  &  Programmer 
Analyst  reqd.  (Farmingdale) 
NY  Design  /implement  vari¬ 
ous  software  applications 
/products  using  software/ 
hardware  skills.  Apply  to 
The  New  Protocol,  Inc.  399 
Conklin  Street  #202, 
Farmingdale,  New  York  - 
11735 


hief  Information  Officer 

Senior  Executive  Service 


Our  role  at  the  U.S.  Nuclear  Regulatory  Commission  (NRC)  is  critical,  compelling,  and  wider 
than  most  people  realize.  To  be  sure,  our  accountabilities  encompass  establishing  standards  and 
regulations,  issuing  licenses  to  nuclear  facilities  and  to  users  of  nuclear  materials,  and  more.  But 
our  impact  is  also  felt  in  medicine  programs  at  hospitals.. .in  academic  research  facilities  at 
universities.. .in  various  industrial  settings  —  everywhere  in  the  U.S.  where  nuclear  materials  are 
studied,  implemented,  and  applied  to  help  meet  the  needs  of  the  worid  and  make  it  a  better  place. 

An  opportunity  currently  exists  in  our  Rockville,  MD  headquarters  facility  for  a  Chief 
Information  Officer 

Reporting  directly  to  the  Executive  Director  for  Operations  (EDO),  the  CIO  will  establish  policy  to 
carry  out  the  U.S.  Nuclear  Regulatory  Commission's  (NRC's)  responsibilities  established  by  the 
Clinger-Cohen  Act,  the  Government  Paperwork  Elimination  Act,  the  Federal  Records  Act,  the 
Freedom  of  Information  Act,  the  E-government  Act,  and  the  Privacy  Act:  lead  the  establishment  of 
unified  agency  standards  for  information  resources  management  activities  and  for  evaluating  the 
quality,  effectiveness,  and  use  of  all  the  agency  information  systems.  The  incumbent  Is 
responsible  for  policy  development  and  guidance,  program  direction,  and  the  exercise  of  agency 
authority  for  information  technology  and  management. 

Qualifications  include  substantial  supervisory,  managerial,  and/or  policy  making  experience  along 
with  relevant  subject  matter  experience.  This  specialized  experience  includes  demonstrated 
experience  in  successfully  managing  agency  or  corporate  level  information  technology  (IT)  and 
information  management  (IM)  functions  (i.e.,  strategic  planning,  systems  acquisitions,  software 
development,  operations,  IT  architectures,  telecommunications,  computer  security,  and 
information  management,  including  collection,  storage,  dissemination  and  security  of  such 
information);  and  leadership  at  the  agency  or  corporate  level  in  areas  such  as  consensus 
building,  influencing  senior  officials  to  use  information  technology  as  an  enabler  to  improve 
mission  performance,  building  partnerships  among  senior  agency  or  corporate  executives, 
shaping  and  conveying  a  vision  of  how  information  technology  can  add  value  while  transforming 
or  supporting  program  operations.  Additional  requirements  include  knowledge  of  Federal  IT  and 
IM  policy,  regulations,  and  guidelines,  including  the  Clinger-Cohen  Act,  the  Government 
Paperwork  Reduction  Act,  the  Federal  Information  Security  Management  Act,  the  Privacy  Act,  the 
Freedom  of  Information  Act  E-govemment  initiatives,  and  other  Office  of  Management  and 
Budget  (0MB)  and  General  Accounting  Office  (GAO)  guidance,  or  other  comparable  private  sector 
accountability  requirements:  and  demonstrated  experience  in  the  successful  management  of 
major  information  technology  projects  (budgets,  schedules,  etc.). 

How  to  Apply 

For  a  detailed  job  description  and  to  apply  on-line,  please  visit  our  Web  site  at:  www.nrc.gov 
and  refer  to  Vacancy  Announcement  #ED0-2007-0001.  Only  on-line  applications  will  be 
accepted  until  January  22, 2007.  _ 
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An  equal  opportunity  employer.  MT/D/V.  U.S  cflizenstap  required 


Software  Engineer  w/Masters 
or  for.  equiv.  in  Comp.  Sci.  or 
Egnr  or  Math  &  1  yr  exp  to  ana¬ 
lyze,  dsgn,  dev.  &  deploy  inter¬ 
net  applic.  using  Java,  Servlet 
&  JSP.  Test  web  projects.  Dev. 
&  customize  client  server 
applic.  in  VAJ,  WAS.  Team  Site, 
Silk  Performer,  XML  &  System 
Mgmt  Server  (SMS).  Provide 
production  &  tech  support.  Mail 
res  to:  Cambridge  Technology 
Enterprises  Inc.,  101  Main 
Street,  16th  fir.,  Cambridge,  MA 
02142.  Job  Loc:  Cambridge, 
MA  or  in  any  unanticipated 
locations  in  USA 


Keane  seeks  IT  professionals. 
Current  location  shown  below. 
Must  be  willing  to  be  assigned  to 
client  sites  throughout  the  U.S. 
Multiple  openings  including: 
(Code  R-1605)  Computer 
Systems  Analyst  based  nation¬ 
wide.  BS  or  equiv.  +  2  yrs  exp.  in 
software  dev.  w /  JAVA.  (Code 
R-1635)  Systems  Analyst  based 
in  Benton  Harbor,  Ml.  BS  or 
equiv.  +  2  yrs  exp.  in  software 
dev.  w/IDMS.  (Code  R-1613) 
Graphic  Designer  based  in 
Groton,  CT.  BS  in  graphic 
design  or  related  +1  yr  exp.  in 
Web  design  +  dev.  w/Action 
Script  +  Java  Script.  (Code  R- 
1683)  Programmer/Analyst 
based  in  Albany,  NY.  BS  or 
equiv.  +  2yrs  exp.  in  database  + 
app.  dev.  w/SALUTE  network 
security  sys.  (Code  R-1579) 
Programmer/Analyst  (Business 
Apps.)  based  in  Salinas,  CA.BS 
or  equiv.  +  1  yr  exp.  in  software 
dev.  w/RPG  +AS/400.  Send 
resumes  w /  Job  Code  to  Keane, 
Inc.  McDermott-JOBS  100  City 
Square,  Boston,  MA  02129. 


Software  Engineer  w/Masters  or 
foreign  equiv  in  Comp  Scie  or  Engr 
or  Math  &  1  yr  exp.  *  Will  accept 
Bach  or  foreign  equiv.  &  5yrs  of 
progressive  work  exp  in  lieu  of 
Masters*  &  1  yr  exp  Research, 
analyze,  dsgn  &  dev  enterprise 
applic.  using  Java,  C/C++, 
Oracle,  SQL  Server.  TCP/IP,  ASP. 
Cold  Fusion  &  Bea  Weblogic  in 
Unix  &  Windows.  Dsgn  &  dev 
interfaces  between  home  grown 
enterprise  applic.  &  ERP  applic. 
using  XML.  Create  reports  using 
Crystal  Reports.  Mail  res  to: 
Compulnfo,  22  Meridian  Rd,  Ste 
#17.  Edison,  NJ  08820.  Job  Loc: 
Edison,  NJ  or  in  any  unanticipat¬ 
ed  Iocs  in  U  S  A. 


PROGRAMMER  ANALYST, 
Multiple  Openings.  Job  located  in 
Newark,  Delaware  and  various 
unanticipated  client  sites  throughout 
the  United  States.  Analyze,  design, 
develop,  modify  and  implement 
software/systems  applications  in  a 
client/server  environment;  will  also 
design,  implement  and  maintain 
various  programming  and  operating 
systems;  will  work  in  a  team  environ¬ 
ment  testing  and  developing  soft¬ 
ware/systems  applications  in 
accordance  with  project  specifi¬ 
cations;  will  also  work  under  the 
close  supervision  of  the  project 
manager.  Minimum  of  a  Bachelor's 
Degree  or  equivalent  in  Computer 
Science,  CIS,  Engineering, 
Mathematics,  Electronics,  Business, 
Management,  Technology  or  a 
related  field  required;  position  also 
requires  extended  travel  and/or  relo¬ 
cation.  No  prior  professional  experi¬ 
ence  necessary.  Attractive  com¬ 
pensation  package.  Mail  resumes 
to:  American  Solutions,  Inc.,  Job 
#PA01,  100  Commerce  Drive, 
Suite  103,  Newark,  DE  19713. 


SENIOR  SOFTWARE  ENGINEER, 
Multiple  Openings.  Job  located  in 
Newark,  Delaware  and  various 
unanticipated  client  sites  through¬ 
out  the  United  States.  Research, 
design,  develop  and  test  soft¬ 
ware/systems  applications  in  a 
client/server  environment;  will 
also  design,  implement  and  main¬ 
tain  various  programming  and 
operating  systems;  will  work  inde¬ 
pendently  testing  and  developing 
software/systems  applications  in 
accordance  with  project  specifi¬ 
cations;  will  oversee  systems 
implementation  and  prepare  pro¬ 
ject  status  reports  and  formal  pre¬ 
sentations  as  required;  will  com¬ 
municate  project  specifications 
effectively  with  project  team. 
Minimum  of  a  Master's  Degree  or 
equivalent  in  Computer  Science, 
CIS,  Engineering,  Mathematics. 
Electronics,  Business, 
Management,  Technology  or  a 
related  field  required.  In  iieu  of  a 
Master's  Degree,  employer  is  will¬ 
ing  to  accept  the  equivalent  to  a 
U.S.  Bachelor's  Degree  with  five 
(5)  years  of  prior  progressive  pro¬ 
fessional  experience  in  the  posi¬ 
tion  offered  or  a  related  position; 
furthermore,  employer  is  willing  to 
accept  any  suitable  combination 
of  work  experience,  education 
and  training  that  is  equivalent  to 
the  actual  minimum  requirements 
of  the  position  and  shows  demon¬ 
strable  ability  in  the  required  skill 
sets.  Position  also  requires 
extended  travel  and/or  relocation. 
Five  (5)  years  prior  professional 
experience  in  software  design 
and  development  necessary. 
Attractive  compensation  pack¬ 
age.  Mail  resumes  to:  American 
Solutions,  Inc.,  Job  #SE04,  100 
Commerce  Drive,  Suite  103, 
Newark,  DE  19713. 
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DARPA  Pushes  to  Bring  Supercomputers  to  the  Masses 

$650M  defense  development  effort 
also  aims  to  gain  commercial  users 


BY  PATRICK  THIBODEAU 

The  Defense  Advanced  Re¬ 
search  Projects  Agency’s  multi¬ 
year,  $650  million  mission  to 
develop  high-performance  su¬ 
percomputers  is  more  than  just 
a  hardware  project,  said  DARPA 
officials.  The  contractors  must 
ensure  that  the  systems  are 
productive  and  easy  to  use 
for  both  national  security  and 
commercial  applications. 

Therefore,  the  DARPA  effort 
also  involves  building  pro¬ 
gramming  languages,  develop¬ 
ment  tools  and  methods  for 
scaling  applications  across  tens 
of  thousands  of  processors. 

“High-performance  comput¬ 
ing  is  at  a  critical  juncture,” 


said  William  Harrod,  manager 
of  DARPA’s  High  Productivity 
Computing  Systems  program. 

Cray  Inc.  and  IBM  in  No¬ 
vember  won  contracts  valued 
at  $500  million  to  develop 
“economically  viable  high- 
productivity”  supercomputers 
by  the  end  of  2010,  he  noted. 

The  agency’s  development 
effort  began  in  2002  with  five 
vendors.  The  two  remaining 
suppliers  have  been  tasked 
with  delivering  a  line  of 
systems  whose  high  end  is 
capable  of  sustaining  petaflop 
speeds  and  securely  running 
national  defense  and  commer¬ 
cial  applications. 

Building  such  systems 


requires  a  programming  en¬ 
vironment  that  Harrod  said 
“is  easier  to  use  and  that  has 
less  of  a  learning  curve  than 
the  environments  on  today’s 
HPCs,”  or  high-performance 
computers. 

The  new  systems  will  also 
need  an  architecture  and  an 
operating  system  that  enables 
efficient  execution,  he  said. 

A  Single  Language 

Current  programming  lan¬ 
guages  require  an  enormous 
amount  of  effort  from  cod¬ 
ers  to  transform  ideas  into 
algorithms  and  then  turn  that 
work  into  something  that  can 
run  on  a  supercomputer,  said 
Stanley  Ahalt,  executive  direc¬ 
tor  at  the  Ohio  Supercomputer 
Center  in  Columbus. 

“Right  now,  we  have  a  collec¬ 


tion  of  codes  written  in  older 
languages  that  are  very  dif¬ 
ficult  to  modify,”  he  said,  citing 
languages  like  Fortran. 

Under  the  contract  with 
DARPA,  Cray  is  developing  a 
programming  language  called 
Chapel  and  IBM  is  developing 
what  it  calls  xlO  to  address 
these  problems.  Only  one  lan¬ 
guage  will  emerge  from  the 
research,  officials  said. 

“There  will  be  one  language 
at  the  end  of  the  day,  and  the 
government,  multiple  compa¬ 
nies  and  HPC  user  communi¬ 
ties  are  going  to  have  to  put  in 
some  effort  to  adopt  [it],”  said 
Steve  Scott,  chief  technology 
officer  at  Cray. 

Tony  Befi,  a  vice  president 
in  IBM’s  HPC  group,  said  engi¬ 
neers  are  working  to  make  the 
systems  more  productive  so 


TIMELINE 

assssftfcws: 


DARPA 

Supercomputer 

Project 

2002:  IBM.  Cray.  Sun  Micro¬ 
systems  and  Silicon  Graphics 
each  get  $3  million  for  initial 
development  work. 

•  •»  *  «  *4  •V*  >;;*  *  • 

2003:  Sun,  IBM  and  Cray  con¬ 
tinue  work  under  a  combined 
S146  million  contract. 

»••*•«•••••*«*  *.*  *  #  •V*  *  *  v.‘  -  -• 

2006:  Cray  is  awarded 
$250  million  and  IBM  $244  mil¬ 
lion  to  complete  development 
of  petascale  systems. 

•  '  •  'V-  • 'V 


that  they  will  be  more  cost- 
effective  and  attractive  for 
broad  commercial  uses. 

“There  is  money  that  could  be 
spent  if  these  assets  were  usable 
and  productive  enough  to  war¬ 
rant  the  investment,”  he  said.  ► 


Continued  from  page  1 

Data  Sharing 

“The  problem  is  the  ease 
with  which  the  information 
held  by  multiple  agencies  can 
be  accessed  in  one  place,”  said 
Allison  Knight,  staff  counsel  at 
the  Electronic  Privacy  Infor¬ 
mation  Center  in  Washington. 
Any  inaccurate  data  stored  in 
OneDOJ  could  be  quickly  dis¬ 
seminated  to  a  large  number 
of  law  enforcement  officials, 
she  said,  adding  that  the  DOJ 
should  enable  people  to  cor¬ 
rect  erroneous  information. 

Knight  also  said  that  the 
centralized  database  could 
become  a  big  target  of  hackers 
and  other  unauthorized  users. 
DOJ  officials  need  to  ensure 
that  deep  security  and  safety 
mechanisms  are  in  place  to 
prevent  breaches,  she  said. 

OneDOJ  is  “far  more  than 
just  bringing  together  all  the 
information  they  have,”  said 
Barry  Steinhardt,  director  of 
the  technology  and  liberty 
program  at  the  American  Civil 
Liberties  Union.  “Once  you  put 
all  the  information  in  one  place, 


it  enables  the  kind  of  data  min¬ 
ing  that’s  not  possible  by  tradi¬ 
tional  law  enforcement.” 

One  problem,  Steinhardt 
added,  is  that  the  DOJ,  and  the 
FBI  in  particular,  have  been 
“notoriously  inept  at  managing 
[their]  computing  resources.” 

For  example,  the  FBI  in 
2005  scrapped  a  three-year, 
$170  million  effort  to  develop 
an  automated  case  manage¬ 
ment  system  and  is  now  pur¬ 
suing  a  project  called  Sentinel 
that  isn’t  due  for  completion 
until  late  2009.  And  the  DOJ 
received  a  D  grade  for  com¬ 
puter  security  on  an  annual  re¬ 
port  card  issued  by  a  congres¬ 
sional  committee  last  March. 

“Maybe  they  ought  to  get 
their  house  in  order  to  in¬ 
crease  confidence  in  their  IT 
systems,”  Steinhardt  said. 

But  McNulty  wrote  in  his 
memo  that  in  order  to  fulfill  its 
law  enforcement  mission  and 
help  prevent  terrorism,  the 
DOJ  is  “committed  to  sharing 
as  much  information  as  pos¬ 
sible,  lawful  and  practicable.” 
He  added  that  OneDOJ  “en¬ 
ables  and  indeed  obligates”  the 
agency’s  units  to  aggressively 


expand  their  information¬ 
sharing  capabilities. 

“Everyone  recognized  the 
need  for  improving  informa¬ 
tion  sharing  after  9/11,”  DOJ 
spokesman  Dean  Boyd  said 
last  week.  The  data  stored  in 
OneDOJ  is  available  to  state 
and  local  law  enforcement 
now,  Boyd  said,  but  they  must 
get  the  information  from  indi¬ 
vidual  DOJ  units. 

“What  [OneDOJ]  does  is 
simply  consolidate  that  infor¬ 
mation  in  a  way  that  state  and 
local  authorities  can  access  it 
in  a  single  portal,”  Boyd  said. 


OPEN  BOOK 


MThe  [DOJ]  remains 
committed  to  shar¬ 
ing  as  much  information 
as  possible,  lawful  and 
practicable.  We  must  work 
to  achieve  this  objective 
without  delay  and  within 
the  confines  of  our  present 
resources  -  always  search¬ 
ing  and  striving  for  ways  to 
get  more  out  of  our  existing 
systems  and  assets. 


FROM  THE  DEC.  21  MEMO 
WRITTEN  BY  DEPUTY  ATTORNEY 
GENERAL  PAUL  J.  McNULTY 


“We  clearly  feel  that  this  is  not 
a  new  giant  database  in  any 
way  but  is  a  new  way  for  law 
enforcement  to  use  informa¬ 
tion  that  is  available  to  them.” 

Data  Safeguards 

Boyd  said  the  database  has 
high-level  safeguards  and  in¬ 
cludes  an  access  log  that  keeps 
records  of  all  users  who  search 
and  review  the  database.  He 
wouldn’t  identify  the  software 
that  the  DOJ  is  using  for  the 
database,  which  contains 
about  1  million  records  now 
and  is  expected  to  triple  in 
size  within  three  years. 

The  DOJ’s  Hitch  was  un¬ 
available  for  an  interview 
about  OneDOJ  last  week. 

Work  on  OneDOJ  began  in 
late  2005,  and  pilot  projects 
linking  the  database  to  local 
and  regional  information¬ 
sharing  systems  in  locations 
such  as  Seattle  and  San  Diego 
were  launched  last  year. 

In  his  memo,  McNulty  wrote 
that  the  DOJ  will  support  a  set 
of  common  standards  with 
OneDOJ  and  remain  vendor- 
neutral,  allowing  state  and  local 
governments  to  use  any  com¬ 


patible  systems.  Boyd  said  the 
standards  include  terminology 
and  data  exchange  specifica¬ 
tions  and  an  XML  data  model 
that  are  built  into  the  National 
Information  Exchange  Model, 
which  was  created  by  the  DOJ 
and  the  Department  of  Home¬ 
land  Security  in  2005. 

McNulty  ordered  the  DOJ’s 
units  to  share  information 
on  open  and  closed  cases,  as 
well  as  criminal  event  data, 
criminal  history  records  and 
identifying  information  about 
offenders.  The  memo  was 
addressed  to  all  of  the  93  U.S. 
attorneys  and  to  the  directors 
of  the  FBI,  the  Drug  Enforce¬ 
ment  Administration,  the  U.S. 
Marshals  Service,  the  Federal 
Bureau  of  Prisons  and  the 
Bureau  of  Alcohol,  Tobacco, 
Firearms  and  Explosives. 

According  to  the  memo,  the 
DOJ  won’t  disclose  informa¬ 
tion  that  endangers  national 
security  or  the  lives  of  law  en¬ 
forcement  personnel,  witness¬ 
es  “and  certain  crime  victims.” 
Data  about  public  corruption 
cases  and  some  civil  rights  in¬ 
vestigations  will  also  be  with¬ 
held,  McNulty  wrote.  » 
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FRANK  HAYES  ■  FRANKLY  SPEAKING 


IT’S  AN  OLD  STORY:  A  sales  manager  comes  up  with  a  great 
system  for  squeezing  maximum  results  from  his  salespeople 
and  uses  spreadsheets  to  support  the  process.  Another  sales 
manager  thinks  this  is  a  great  idea  and  proposes  scaling  the 
whole  works  up  to  support  many  more  salespeople.  IT  says  no, 
we  don’t  have  the  resources  to  build  this,  and  if  you  do  it  yourself,  we 
won’t  support  it.  Sales  hires  a  programmer  who  whips  up  a  database- 
driven  version.  The  dog  and  pony  show  wows  the  CEO,  who  throws 
his  support  behind  the  project.  But  it  turns  out  the  new  software 
breaks  some  existing  applications  and  even  corrupts  critical  data.  And 
a  year  later,  it’s  IT’s  job  to  fix  the  problem. 

How  did  IT  get  into  this  mess?  By  just  saying  no. 


January  is  when  proposals  to  turn  this  or  that 
user-created  spreadsheet  hack  into  a  real  applica¬ 
tion  start  to  bubble  up.  Hey,  it’s  a  new  year  (even 
though  it’s  not  a  new  IT  budget  year),  a  time  for 
new  ways  of  thinking  and  better  ways  of  doing 
things.  The  fact  that  there’s  no  money  for  new 
projects  in  IT’s  budget  doesn’t  dampen  users’ 
enthusiasm. 

So  what  they  propose,  you  dispose  of  with  IT’s 
favorite  word:  no.  And  you  figure  that  by  saying 
you  won’t  do  it  and  won’t  support  it,  you’re  off 
the  hook. 

That’s  naive  —  almost  as  naive  as  users’  ideas 
about  how  easy  it  will  be  to  create  those  real 
applications. 

Look,  IT’s  ability  to  stop  a  project  just  by 
saying  no  is  long  gone.  Users  figured  out  in 
the  1980s  that  they  could  buy  their  own  comput¬ 
ers  and  program  their  own  spreadsheet  applica¬ 
tions.  They  discovered  in  the  1990s  that  they 
could  rent  space  to  create  their  own  Web  pages 
and  even  hire  freelance  programmers.  Today, 
when  IT  says,  “No,”  they  say,  “So  what?”  and  do 
it  themselves. 

But  their  priorities  aren’t  IT’s  pri¬ 
orities.  They’re  mainly  concerned 
with  getting  their  apps  to  work  as 
quickly  and  cheaply  as  possible.  You, 
on  the  other  hand,  have  to  think 
about  corporate  standards  and  main¬ 
tainable  code  and  bandwidth  limita¬ 
tions  and  upgradability  —  and,  most 
of  all,  making  sure  the  new  software 
won’t  break  your  old  software. 

When  you  say  no,  you  don’t  stop 
the  project.  You  just  lose  your 
chance  to  make  sure  IT’s  priorities 
get  into  the  mix.  You  cut  yourself  off 
from  the  project  until  something  has 


broken  horribly,  just  when  fixing  the  problem  is 
most  expensive. 

In  other  words,  by  saying  an  ineffective  no,  you 
maximize  the  cost  of  the  fix  and  look  like  an  ob¬ 
structionist  in  the  process. 

But  you  can’t  say  yes,  either.  The  money  just 
isn’t  there  in  the  IT  budget.  The  IT  staff  is  still 
booked  solid. 

Maybe  it’s  time  to  stop  thinking  there  are  only 
two  choices.  Maybe  it’s  time  to  say,  “We  can’t  do 
it,  and  we  won’t  support  it,  but  we’d  like  to  help.” 

After  all,  you  don’t  have  to  control  these  proj¬ 
ects  completely.  You  can’t  afford  to  own  them, 
but  you  don’t  need  to.  What  you  really  want  is  to 
make  them  just  a  little  more  successful,  so  they 
don’t  cause  problems  with  your  existing  apps. 

That  might  be  as  simple  as  laying  a  single  re¬ 
quirement  on  the  table:  “Must  play  nicely  with 
existing  applications.” 

Or  it  might  mean  offering  to  help  test  the  new 
app’s  compatibility.  Or  offering  suggestions, 
hints  and  tips  for  the  project.  Or  doing  light 
oversight,  or  even  formal  reviews  of  the  work 
as  it’s  done. 

The  key  is  leaving  the  project’s 
cost  and  effort  in  users’  hands,  but 
participating  just  enough  to  keep 
the  project  from  raining  grief  on  IT 
down  the  line. 

It  won’t  eliminate  all  the  problems 
you  could  get  from  user-generated 
IT  projects  —  users  are  endlessly 
inventive.  But  at  least  you’ll  have  a 
hand  in  it,  and  you’ll  know  a  little 
more  about  what  else  may  go  wrong. 
If  you’re  lucky,  the  users  may  even 
thank  you  for  not  just  saying  no. 

And  you’ll  have  one  less  mess  to 
deal  with  this  time  next  year.  » 


FRANK  HAYES,  Computer- 
world's  senior  news  columnist, 
has  covered  IT  for  more  than 
20  years.  Contact  him  at  frank. 
hayes@computerworld.com. 


Learning  Experience 

User  complains  that  his  PC  sometimes  makes  “a 
sound  like  thunder.”  And  for  three  months,  the  prob¬ 
lem  has  this  pilot  fish  stumped.  “I  check  for  speaker 
interference,  knees  against  the  keyboard  tray,  error 
dialogs,  malware  -  no  luck,”  fish  says.  “Then  one 
day  there’s  a  power  outage,  and  the  user’s  PC  re¬ 
boots.  When  it  restarts,  the  thunder  sound  is  heard. 
Turns  out  the  user  installed  a  weather-tracking 
program  that  notified  him  whenever  a  weather  alert 
was  available  -  with  a  thunder  sound.  When  I  told 
him  about  the  problem,  the  user  responded,  ‘I  guess 
that's  why  you  don’t  allow  users  to  install  software, 
so  you  don’t  waste  your  time,  huh?’  ” 


No  Thanks 

Remote  user 
has  a  big  e-mail 
list  and  sends 
out  a  newsletter 
once  a  month  from 
home.  “The  list  is  com¬ 
pletely  opt-in,”  says  a 
pilot  fish  at  the  main  of¬ 
fice,  “but  as  aggressive 
as  antispam  measures 
are  becoming  these 
days,  his  ISP  cut  off  his 
connection  anyway.  So 
he  wrote  to  me,  tell¬ 
ing  me  that  he  wants 
remote  access  to  the 
corporate  mail  server  so 
he  can  send  his  mass 
mailing  through  that 
server  instead.  Appar¬ 
ently,  he  wasn’t  satis¬ 
fied  with  getting  just  his 
own  service  cut  off;  he 
wanted  to  try  for  an  en¬ 
core  by  seeing  whether 
he  could  get  the  entire 
organization's  e-mail 
cut  off  as  well!” 

All  Plugged  Up 

Two  sales  VPs  share  an 
office  because  they’re 
rarely  in  town  at  the 
same  time.  One  day,  one 
of  them  calls  this  pilot 
fish  because  the  printer 
won’t  work.  “I  check 
his  laptop  to  make  sure 
the  printer  is  installed, 
then  start  checking 


the  connec¬ 
tions,”  says  fish. 
Everything  is 
plugged  in  -  but 
not  quite  cor¬ 
rectly.  “After  I  moved 
the  printer’s  USB  cable 
out  of  the  mouse's  USB- 
to-PS/2  connector  and 
plugged  it  into  a  USB 
port,  everything  worked 
fine,”  fish  reports.  “But 
neither  sales  VP  has 
owned  up  to  the  errant 
connection.” 

Special  Delivery 

This  pilot  fish  is  three 
months  into  a  main¬ 
frame  job,  having  never 
worked  with  main¬ 
frames  before.  But  he’s 
got  a  more  pressing 
concern:  the  birth  of  his 
first  child.  “As  my  wife 
approached  the  intense 
part  of  her  labor,  the 
phone  in  the  delivery 
room  rang.  Thinking  it 
was  a  family  member, 

I  answered  it.  It  was  a 
senior  programmer  at 
work.  He  already  knew 
the  answer  to  the  minor 
problem  he  was  calling 
about  but  wanted  to 
point  out  my  mistake. 
Needless  to  say,  I  was 
not  allowed  to  touch  the 
phone  for  my  second 
daughter’s  delivery.” 
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Turn  back  network  time. 


Stop  missing  critical  events. 

For  a  trusted  approach  to  problem  resolution  rely  on  the  Network  Instruments*  GigaStor™  appliance. 
Everything  is  recorded — every  packet,  every  protocol,  every  transaction  for  days,  weeks,  even  months. 
The  unique  GigaStor  interface  provides  an  effective  way  to  go  back  in  time  to  determine  not  only 
when  the  application  went  down  but  why. 

Resolve  intermittent  network  problems,  track  compliance  efforts,  isolate  VoIP  call  quality  issues, 
and  more  on  the  most  complex  WAN,  Gigabit,  and  10  GbE  networks.  Find  out  how  you  can  turn 
back  the  clock  on  your  network.  After  all,  your  network  history  shouldn't  be  a  thing  of  the  past. 
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i  GigaStor:  Get  proof.  Take  action.  Move  forward. 
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Learn  more  about  GigaStor.  1-800-566-0919 

www.Networklnstruments.com/Tsme 
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Your  information  is  your  business. 

So,  who's 
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CA  ARCserve®  Backup. 

A  loss  of  information  is  a  loss  of  business.  But  with  the  multi-award  winning  CA  ARCserve  Backup 
solution,  your  business-critical  data  is  easily  protected  and  accessible.  That's  because  it  simplifies  the 
process  of  backup  and  recovery  by  providing  automated  backup  policies  across  multiple  environments. 

According  to  an  independent  study,  CA  ARCserve  Backup  is  the  fastest  backup  solution  on  the  market. 
It  even  wins  for  ease  of  use  and  can  be  installed  within  minutes.  And  it  automatically  encrypts  and 
scans  data  for  viruses  prior  to  backup  -  at  no  extra  cost  -  making  it  the  most  secure  solution  out  of 
the  box.  This  means  CA  ARCserve  Backup  can  help  automate  the  management  and  protection  of  your 
storage  environment,  so  you  can  focus  on  achieving  greater  business  value. 


Find  out  more  about  ARCserve  Backup  and  download  the  free  product 
trial  at  ca.com/backup 


Comprehensive  data  protection 
Backup,  restore  and  recovery 
Supports  any  storage  environment 
Broad  platform  and  application  support 
World-class,  24/7  customer  support 


Transforming 
IT  Management 


To  view  the  independent  study,  go  to  ca.com/backup 
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